Routers With Default Username And Password Can Be Used To Attack Internet Providers
Roshan Ashraf Shaikh / 4 years ago
Ever thought your router is secured just because it has the default administrator username and password? Think again! It is reported that many of those home networking devices such as routers will be the next target for cyber criminal groups to commit online attacks.
IOActive researchers Ehab Hussein and Sofiane Taimat said that millions of home routers and gateways will be used to launch multiple attacks on the ISP and create problems for its end users at the same time. These exploits will be used by many cyber criminal groups, hacktivists or even from those with a motive to distribute malware and even committing a denial of service attack on ISPs.
This is possible since internet service providers use ID blocks and assign them to the customer’s premise equipment for easy identification in their back-end process. But by doing so, one can obtain information from routers that use factory setting’s username and password by default assigned by the respected router manufacturers or by ISPs that have their own branded router setting interface.
As expected, wireless networks with default router setting’s username and password can be used easily to launch an attack on the ISPs and disrupt their services. Once attackers get an access via the router, they can extract information about the netblocks and plan their attack over the ISP accordingly. Furthermore, free tools like ‘WhoIS’ and ‘IPInfoDB’ can provide information about the IP addresses assigned by the ISPs with these netblocks such as location, therefore giving them access to the areas’ internet connections.
There was a similar warning given during January when a security firm ‘Rapid 7’ warned about a vulnerability in Universal Plug n Play protocol network devices manufactured by about 1,500 home networking companies.
To make a point to show the vulnerability of this, Hussein and Taimat generated a list of IP addresses and scanned the systems for accessible routers to do a simple attack by using a neighbouring wireless router that uses default login credentials. The end result was that they were able to access more than 400,000 vulnerable systems by accessing through the netblocks via the same router. Had this been hackers instead of researchers, the end result would be series of DDOS, and other attacks possible, followed by issue that ISP needs to face, from the attackers and from the consumers.
IOActive recommends that ISPs that give wireless routers to consumer should stop shipping home networking products with trivial default admin username and passwords. ISPs should also have a system where they can refuse to assign IP addresses on user’s routers which uses default login credentials.
Source: Security Ledger