Data Security

Thousands of Orange routers are leaking WiFi passwords

This flaw would allow hackers to perform various malicious activities

Cybersecurity and ethical hacking experts from
the International Institute of Cyber Security Report that a critical vulnerability
present in about 20k routers from the manufacturer Orange has resulted in a SSID and WiFi passwords leaking. In addition
to the information leaking devices, over 2k routers have been classified as
being exposed to Internet attacks.

The company’s honeypots detected for the first
time the attack traffic directed to the Orange Livebox ADSL modems. After
conducting a search on Shodan, the cybersecurity expert Troy Mursch found that 19 490 devices
of this type leaked their WiFi credentials in plain text.

According to the expert report, many of the
devices that showed this WiFi password leaking use the same access keys for the
device administration, or even lack a password set by the admin, so the
attackers find the default passwords in a very easy way.

“The vulnerability would allow a remote
attacker to access the compromised router and modify the device or firmware
settings. In addition, attackers could get the phone number linked to the
router and perform other hacking or social engineering activities,” said the
cybersecurity expert.

According to Mursch’s report, most of the
compromised routers are in Spain; in addition, the traffic of the attack has
also been linked to an IP address associated to a client of the company
Telefónica España.

“At the moment we do not know the reasons for
the attack, although we find it interesting to discover that the source is in a
nearby location, even though we thought it was a malicious actor in another
country,” the expert mentioned. “This could allow attackers to connect to the
WiFi network if they were closer to one of the indexed modems in the search on
Shodan”.

The vulnerability, tracked as CVE-2018-20377, is already being
investigated by Orange. Further company reports are expected over the next few
days. For many cybersecurity experts, most home-use routers remain an important
vector for deploying cyberattacks due to their limited security measures, so
hackers can use these devices to build huge botnets. Recently, a group of
researchers discovered a botnet composed of more than 100k compromised devices,
mainly domestic-use routers.

To Top

Pin It on Pinterest

Share This