New research by cyber security company Tenable has discovered multiple vulnerabilities in Verizon Fios Quantum Gateway routers.
If these vulnerabilities are exploited, this would give the attacker full control over the router and an understanding of everything connected to it, which is pretty worrying, given that millions of these devices are currently being used in homes in the US.
The rise of smart homes has made consumer routers a top rate for cyber criminals and the vulnerabilities (CVE-2019-3914, CVE-2019-3915 and CVE-2019-3916) found by Tenable Research make a number of attack scenarios ' s possibly extending to smart devices such as home security systems.
- Is your router a cyber security risk?
- Smart home security: 10 hacks to protect your house against hackers
- How to change your router password
Because these systems are connected to the router and can be compromised remotely, an attacker could potentially tamper with their security settings, change the firewall settings, or remove parental controls. They can even analyze network traffic to further compromise a victim's online accounts, steal bank details, and erase passwords.
Vulnerabilities of the router
Co-founder and Chief Technology Officer at Tenable, Renaud Deraison explained how routers have become a virtual access point for potential attackers, saying:
"Routers are the central hub of every smart home today. They keep us connected to the corners of the internet, secure our homes and even open doors remotely. However, they also act as a virtual access point into the heart of the modern home and not only control what goes out, but also who comes in. "
Tenable has informed Verizon of its discovery and telecom has assured users that firmware version 02.02.00.12 will address these vulnerabilities and affected devices will be remotely updated.
TechRadar Pro Tenable and the company's senior research engineer, Chris Lyne, offered the following advice to Verizon customers and said:
"A Verizon customer can check the firmware version of his router within a few minutes. First, they must log in to their router's web interface. The user is ' admin ' and the default password is printed on the side of the router has been changed manually, requiring them to be logged in. After logging in, click on System monitoring The firmware version is displayed From now on 02.02.00.13 is the newest version and contains the patch The updated firmware, other precautions that users can take are to disable remote management on their router and also change the router's administrator password so that it is different from the router's. "
- We have also highlighted the best antivirus to protect your devices against the latest cyber threats