Inteno Router Flaw Opens Up Home Networks To Hackers

A critical vulnerability in some Inteno routers has been discovered by security researchers from F-Secure, who warned that the flaw allows hackers to hijack the device and monitor its traffic.

The researchers found that a flaw in the way the router validates its firmware, usually received from a user’s internet service provider (ISP), allows hackers to set up fake update servers and use them to push malicious updates to a targeted Inteno router and gain full administrator access to it.

By failing to validate the Auto Configuration Server certificate, CWE-295, hackers can perform man-in-the-middle attacks on the certain models of the Inteno home router, currently the EG500, FG101, and DG201.

Security hole

The hack is particularly problematic as it not only allows for the monitoring of traffic going from a device to the internet, but also enables a hacker to snoop on all the data that goes between various other devices connected to the router. The flaw also opens up the routers’ users to being manipulated by the hacker to visit malicious websites.

“By changing the firmware, the attacker can change any and all rules of the router,” says Janne Kauhanen, a cyber security expert at F-Secure.

“Watching video content you’re storing on another computer? So is the attacker. Updating another device through the router? Hopefully it’s not vulnerable like this, or they’ll own that too. Of course, HTTPS traffic is encrypted, so the attacker won’t see that as easily. But they can still redirect all your traffic to malicious sites that enable them to drop malware on your machine.”

The security firm also noted that the only way to protect against the flaw is to replace the router with a completely new one that does not have the vulnerability, or waiting until new firmware to patches the problem is released.

However, F-Secure appears to have contacted Inteno about the vulnerability but the company has said the responsibility lies with the ISPs who provide the routers as part of their service. As such, it is yet unknown if Inteno has patched the flaw.

There is some comfort for Inteno users in that, according to F-Secure, the flaw can only be exploited if an attacker has gained a “privileged network position between the router and the point of entry of the internet”.

But the flaw still highlights how routers often lack the robust security they need given they sit at the nexus of many people’s internet and smart device use.

And such router flaws are increasingly being exploited by fraudsters and hackers; the notorious hacking group Lizard Squad used unsecured routers as a way to power its LizardStresser DDoS attack service.

Test your cybersecurity knowledge – take our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

View Comments

  • To add more to router security, i would urge users to enhance security by acquiring services of a top VPN, as it provides 256 bit encryption to all the devices connected to the router. My personal recommendation would be Purevpn, search and compare it with others.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

1 hour ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

2 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

3 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

5 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

7 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

8 hours ago