
Mirai router worm is an industry issue affecting many ISPs


December 6, 2016

It appears that hackers have moved on from simply planting malware on vulnerable cable routers supplied to consumers by various ISPs to outright stealing Wi-Fi keys across the board.

Case in point: Andrew Tierney, a security researcher at the consultancy Pen Test Partners in Britain, noticed the new trend in the tactics used in attacks perpetrated against its honeypot network over the past weekend.

For instance, subscribers of the ISP TalkTalk in the U.K. are among those at the most immediate risk of having their Wi-Fi credentials stolen.

The TalkTalk router firmware fix fails to solve this security issue, since it reverts customers to a default password that hackers might already have snatched, Pen Test Partners asserted publicly.

The ISP published a fix for the TR-064/Annie security problem. The fix disables the TR-064 interface and resets the cable router.

It then resets the default passwords back to the ones written on the back of the router. However, the issue is that nearly all customers never change their Wi-Fi key from that written on the router.

The net result is that hackers have already stolen their Wi-Fi keys, and the TalkTalk fix simply resets the router to the exact same keys that have already been stolen! Talk about a Catch 22 situation gone wild...

The TR-064 security vulnerability means that hackers can access or alter the device's LAN configuration from the WAN-side using the TR-064 protocol.

“Potential attackers appear to have gotten used to the fact that the TR-064 vulnerability can be used for more than just recruiting the router into a botnet,” Pen Test Partners asserted.

“We run a TR-064 honeypot here and saw requests last night, which alerted us to the security problem. Here you can see someone trying to steal our Wi-Fi network key using the ‘GetSecurityKeys’ command.”

However, the attacker has to be physically close to the router to successfully compromise the Wi-Fi keys, a major mitigating factor.

But an attacker who already knows the SSID (also stolen using the Annie worm) can use databases such as https://wigle.net to find the victim’s house.
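The honeypot observation described above can be turned into a simple detection rule. The following is an added example, not code from Pen Test Partners or TalkTalk: it classifies WAN-side HTTP requests by their TR-064 SOAPAction header and flags ‘GetSecurityKeys’ calls. The request paths, source addresses and the severity labels are constructed for illustration, and the captures are assumed to come from a WAN-facing listener.

```python
import re
from collections import Counter

# SOAPAction values have the form urn:<org>:service:<Service>:<ver>#<Action>
SOAP_ACTION_RE = re.compile(r'^"?(?P<service>urn:[^#"]+)#(?P<action>\w+)"?$')

def parse_request_head(raw):
    """Split a raw HTTP request head into (method, path, lower-cased headers)."""
    lines = raw.strip().splitlines()
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers

def classify(raw):
    """Return a finding for a TR-064 SOAP call, or None for other traffic."""
    try:
        method, _path, headers = parse_request_head(raw)
    except (ValueError, IndexError):
        return None  # malformed or empty request head
    m = SOAP_ACTION_RE.match(headers.get("soapaction", ""))
    if method != "POST" or not m or "dslforum-org" not in m["service"]:
        return None
    action = m["action"]
    if action == "GetSecurityKeys":
        severity = "wifi-key-read"   # the request the honeypot quote describes
    elif action.startswith("Set"):
        severity = "config-write"    # LAN configuration altered from the WAN side
    else:
        severity = "config-read"     # e.g. SSID or device details being read
    return {"service": m["service"], "action": action, "severity": severity}

def report(captures):
    """Count findings per (source address, severity)."""
    hits = (classify(raw) for _src, raw in captures)
    return Counter((src, h["severity"]) for (src, _), h in zip(captures, hits) if h)

# Constructed captures (documentation-range addresses), not real honeypot data.
WLAN = "urn:dslforum-org:service:WLANConfiguration:1"
SAMPLE = [
    ("192.0.2.10", f"POST /tr064 HTTP/1.1\r\nSOAPAction: {WLAN}#GetSecurityKeys\r\n\r\n"),
    ("192.0.2.10", f'POST /tr064 HTTP/1.1\r\nSOAPAction: "{WLAN}#GetInfo"\r\n\r\n'),
    ("198.51.100.7", f"POST /tr064 HTTP/1.1\r\nSOAPAction: {WLAN}#SetSecurityKeys\r\n\r\n"),
    ("198.51.100.7", "GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
]
```

Any finding at all on a WAN-facing interface means the TR-064 service is reachable from the Internet, which is the condition the ISP fix is meant to remove.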

TalkTalk and other ISP customers that use similar routers are likely to have had their Wi-Fi keys stolen, opening them up to hackers, Pen Test Partners concludes.

The security firm thus recommends that TalkTalk take the radical step of replacing customer routers in all cases where it’s impossible to rule out any other security compromises.

Overall, users in the short term can still fix the issue directly by resetting their router. Simply follow the TalkTalk advice and then change your Wi-Fi password.

TalkTalk supplies its customers with routers manufactured by D-Link, as previously reported. Other ISPs using equipment from other manufacturers may be affected as well since the TR-064 security issue isn't restricted to D-Link alone.

Pen Test Partners’ honeypot reveals hacker activity targeting the United Kingdom in particular, which means that TalkTalk’s customers may be at greater risk than most.

As is already widely known, the Mirai worm is an industry issue, affecting many ISPs around the globe. A small number of TalkTalk customers have been affected, but we can reassure subscribers that no personal information is at risk, a TalkTalk representative said.

Source: TalkTalk.
