News

Routers With Default Username And Password Can Be Used To Attack Internet Providers


Ever thought your router is secured just because it has the default administrator username and password? Think again! It is reported that many of those home networking devices such as routers will be the next target for cyber criminal groups to commit online attacks.

IOActive researchers Ehab Hussein and Sofiane Taimat said that millions of home routers and gateways will be used to launch multiple attacks on the ISP and create problems for its end users at the same time. These exploits will be used by many cyber criminal groups, hacktivists or even from those with a motive to distribute malware and even committing a denial of service attack on ISPs.

This is possible since internet service providers use ID blocks and assign them to the customer’s premise equipment for easy identification in their back-end process. But by doing so, one can obtain information from routers that use factory setting’s username and password by default assigned by the respected router manufacturers or by ISPs that have their own branded router setting interface.

As expected, wireless networks with default router setting’s username and password can be used easily to launch an attack on the ISPs and disrupt their services. Once attackers get an access via the router, they can extract information about the netblocks and plan their attack over the ISP accordingly. Furthermore, free tools like ‘WhoIS’ and ‘IPInfoDB’ can provide information about the IP addresses assigned by the ISPs with these netblocks such as location, therefore giving them access to the areas’ internet connections.

There was a similar warning given during January when a security firm ‘Rapid 7’ warned about a vulnerability in Universal Plug n Play protocol network devices manufactured by about 1,500 home networking companies.

To make a point to show the vulnerability of this, Hussein and Taimat generated a list of IP addresses and scanned the systems for accessible routers to do a simple attack by using a neighbouring wireless router that uses default login credentials. The end result was that they were able to access more than 400,000 vulnerable systems by accessing through the netblocks via the same router. Had this been hackers instead of researchers, the end result would be series of DDOS, and other attacks possible, followed by issue that ISP needs to face, from the attackers and from the consumers.

IOActive recommends that ISPs that give wireless routers to consumer should stop shipping home networking products with trivial default admin username and passwords. ISPs should also have a system where they can refuse to assign IP addresses on user’s routers which uses default login credentials.

Source: Security Ledger

Roshan Ashraf Shaikh

Disqus Comments Loading...

Recent Posts

BenQ MOBIUZ EX2710Q 27″ QHD 165Hz 1ms, HDRi IPS Gaming Monitor

SpeakersSpeakersYesSpeaker amount and power output2x 2 WattDimensionsLength / Depth252.5 mmWidth614 mmHeight525.8 mmWeight7.4 kgStandards / SpecificationsAdaptive…

3 hours ago

Intel Core i7-12700KF 3.60GHz Socket LGA1700 Processor

Thermal SpecificationsMax. TDP125 WCPUCPU ManufacturerIntelCPU SeriesIntel Core i7CPU Socket1700CPU ArchitectureIntel Alder Lake-SCPU Cores12CPU Threads20Performance Cores8Efficiency…

3 hours ago

AOC 24B3HA2 24″ 1920×1080 VA 100Hz 1m Widescreen LED Multimedia Monitor 

AOC 24B3HA2 23.6 1920x1080 VA 100Hz 1m Widescreen LED Multimedia Monitor - Black High-performance clarity…

3 hours ago

Corsair Hydro Series iCUE Link H115i RGB Performance Liquid CPU Cooler

Fan SpecificationsFan Size140 mmColourPrimary ColourBlackSecondary ColourWhiteMaterialsMaterialsAluminium, Copper, RubberLightingLightingYesLighting ColourRGBLighting CompatibilityCorsair iCUEAdditional ContentsIncluded fans2x 140 mmTypeCPU…

3 hours ago

Philips Evnia 34″ 34M2C6500/00 3440×1440 QD-OLED 175Hz 1ms FreeSync Curved Ultrawide Gaming Monitor

This monitor is built with features that make incredible visuals. With VESA ClearMR 9000 and…

3 hours ago

Asus Radeon RX 7900 XTX TUF OC 24GB GDDR6 PCI-Express Graphics Card

The AMD RDNA™ 3 Architecture elevated by buffed cooling and power delivery to effortlessly churn…

3 hours ago