Millions of Wi-Fi Routers Could Be Enslaved in Nasty Mirai Botnet, Check Your Model Here



Earlier this month, security researchers at Tenable discovered a vulnerability that allowed attackers to bypass authentication on millions of routers from 17 different vendors. However, it now appears that threat actors are actively exploiting this to deploy malicious Mirai botnet payloads.

Tenable’s Evan Grant published research on August 3 showing that anyone can bypass authentication on devices made by Arcadyan. In short, the problem stems from how the router handles URLs: it stops checking for bypass attempts as soon as it finds part of the URL in its bypass list, or whitelist.

Using Grant’s example, if you navigate to http://router/images/someimage.png, the router loads it normally because /images/ is in the bypass_list. However, with a little tinkering, you can add /info.html or any other page to the URL, as long as a bypass list entry appears earlier in the URL, and then reach pages that usually require authentication.
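The check described above can be modelled next to a corrected one. This is an added example, not code from Tenable or from the router firmware: the prefix-match model of the flawed check, the one-entry bypass list, the function names and the dot-segment sample request are all assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumed bypass list: the article names only /images/ as an entry.
BYPASS_LIST = ("/images/",)


def flawed_needs_auth(url: str) -> bool:
    """Simplified model of the described behaviour: the check stops as
    soon as the raw request path begins with a bypass-list entry."""
    path = urlsplit(url).path
    return not any(path.startswith(entry) for entry in BYPASS_LIST)


def canonical_path(url: str) -> str:
    """Decode and collapse the path to the resource that will be served."""
    path = unquote(urlsplit(url).path)
    # normpath resolves '.' and '..' segments and duplicate slashes;
    # forcing one leading slash avoids its special case for '//'.
    return posixpath.normpath("/" + path.lstrip("/"))


def hardened_needs_auth(url: str) -> bool:
    """Compare the canonical path, not the raw string, with the list."""
    path = canonical_path(url)
    return not any(path.startswith(entry) for entry in BYPASS_LIST)


def find_bypass_attempts(urls):
    """Requests the flawed check lets through although their canonical
    path requires authentication (for reviewing access logs)."""
    return [u for u in urls
            if not flawed_needs_auth(u) and hardened_needs_auth(u)]


# Constructed sample requests, not taken from real logs.
SAMPLE_REQUESTS = [
    "http://router/images/someimage.png",   # legitimate static file
    "http://router/info.html",              # protected page, asked for directly
    "http://router/images/../info.html",    # bypass entry first, then the page
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(request, "->", canonical_path(request),
              "| flawed needs auth:", flawed_needs_auth(request),
              "| hardened needs auth:", hardened_needs_auth(request))
    print("flagged:", find_bypass_attempts(SAMPLE_REQUESTS))
```

Running `find_bypass_attempts` over the request paths in a web or proxy log gives a quick way to spot requests that rely on this mismatch.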

Days later, Juniper Networks security researchers Mounir Hahad and Alex Burt “identified attack patterns that attempt to exploit this vulnerability in the wild from an IP address located in Wuhan, Hubei province, China.” These active exploitation attempts appeared to be trying to deploy a Mirai botnet variant on the vulnerable routers we’ve listed below, courtesy of Tenable.

List of routers potentially affected in the botnet

If your router is on the list above, you need to contact your router vendor, be it your ISP or the manufacturer itself, and find out how to fix the system. Having a whole new vulnerability exploited in the wild is incredibly concerning because people don’t have much time to react. Hopefully the router vendors act quickly and release an automatic update that fixes the issue, but in the meantime let us know if you’re affected in the comments below.
