Over a million vulnerable fiber routers can be easily hacked

Most of the GPON home gateways are found in Mexico, Kazakhstan, and Vietnam.
Written by Zack Whittaker, Contributor


Over a million fiber routers can be remotely accessed, thanks to an authentication bypass bug that's easily exploited by modifying the URL in the browser's address bar.

The bug lets anyone bypass the router's login page and access pages within -- simply by adding "?images/" to the end of the web address on any of the router's configuration pages, giving an attacker near complete access to the router. Because the ping and traceroute commands on the device's diagnostic page are running at "root" level, other commands can be remotely run on the device, too.
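For defenders, the URL pattern described above is easy to look for in HTTP access logs from a proxy or sensor in front of such a device. The following is an added example, not code from the researcher or the vendor; the log format, addresses and page paths are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Matches source address, request line and status of a Common Log Format entry.
LOG_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
STATIC_EXT = (".gif", ".png", ".jpg", ".jpeg", ".ico", ".css", ".js")

# Constructed sample log lines; every path and address here is hypothetical.
SAMPLE = [
    '192.0.2.10 - - [01/May/2018:10:00:00 +0000] "GET /login.html HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/May/2018:10:00:01 +0000] "GET /images/logo.gif HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/May/2018:10:02:11 +0000] "GET /config/diag.html?images/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/May/2018:10:02:15 +0000] "POST /config/dns.html?%69mages/ HTTP/1.1" 200 310',
    '198.51.100.4 - - [01/May/2018:10:05:40 +0000] "GET /config/status.html?images/ HTTP/1.1" 403 120',
    '192.0.2.10 - - [01/May/2018:10:06:02 +0000] "GET /config/status.html?lang=en HTTP/1.1" 302 0',
]

def is_bypass_attempt(target):
    """True when 'images/' is used as the query string of a non-static page."""
    parts = urlsplit(target)
    query = unquote(parts.query).lower()   # decode %-escapes before comparing
    path = unquote(parts.path).lower()
    if not query.startswith("images/"):
        return False
    # A genuine image fetch carries "images/" in the path, not in the query.
    return not path.endswith(STATIC_EXT)

def scan(lines):
    """Return (source, method, target, status) for every suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_bypass_attempt(m["target"]):
            hits.append((m["src"], m["method"], m["target"], int(m["status"])))
    return hits

def served(hits):
    """Hits answered with 2xx, meaning the page was likely returned without a login."""
    return [h for h in hits if 200 <= h[3] < 300]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Hits with a 2xx status deserve the most attention, since they suggest the configuration page was actually served.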

The findings, published Monday, say the bug is found in routers used for fiber connections. These routers are central in bringing high-speed fiber internet to people's homes.

At the time of writing, about 1.06 million of the routers were listed on Shodan, the search engine for unprotected devices and databases. Half the vulnerable routers are located on the Telmex network in Mexico, and the rest are found in Kazakhstan and Vietnam.

The researcher said that Dasan Networks, a Korea-based technology company, built the router. We contacted Dasan but did not immediately hear back. We also contacted Telmex, an internet provider with the largest number of vulnerable devices, but an email was not returned.

The anonymous security researcher who discovered the bug told ZDNet that the damage could go much further than the affected routers alone.

"Since this device serves as a router, it means it controls its own network. Which means the whole network (not just this device) can serve as botnets," the researcher said. He added that the router could be easily tampered with to modify its DNS settings to redirect users into visiting a malicious version of a website that can steal a user's credentials.


Routers are a prime target for hackers to abuse, as they're a central point in most networks that -- when attacked -- can allow an attacker to gain further footholds into a network.

Earlier this month, both UK and US authorities warned that Russian hackers are using compromised routers to lay the groundwork for future attacks. Hackers are exploiting weak router security -- often by simply using the default username and password -- to conduct cyber-espionage.

Routers are also an easy target; they are notoriously prone to security flaws. They can be easily hacked, hijacked by a botnet, and enlisted into pummeling targets with internet traffic, knocking them offline. These distributed denial-of-service (DDoS) attacks can bring down large swathes of the internet when targeted precisely.

Recent research suggests DDoS attacks are only getting stronger as router security fails to get better.
