Millions Of Home Internet Routers Open To Cyberattack, New Study Warns
New research[pdf] by Ben-Gurion University outlines how security vulnerabilities in modern routers could enable threat actors with access to a guest network that is separated from a host network to exfiltrate data from the host network or launch an attack to compromise it.
The researchers have developed attacks that use “specially-crafted network traffic” to overcome network isolation performed by modern routers. The attacks enabled only the exfiltration of limited amounts of data at a time, but this would be sufficient in the context of a targeted attack. In order to exploit the vulnerabilities, routers do not have to be connected to the Internet. As long as internal connectivity is provided, the attacks work. The researchers warn that “all of the routers surveyed—regardless of brand or price point—were vulnerable to at least some cross-network communication.”