New research from cybersecurity firm Tenable has discovered multiple vulnerabilities in Verizon Fios Quantum Gateway routers.
If exploited, these vulnerabilities would give an attacker complete control over the router and visibility into everything connected to it, which is quite alarming given that millions of these devices are currently in use in homes across the US.
The rise of smart homes has turned consumer routers into a top target for cybercriminals, and the vulnerabilities (CVE-2019-3914, CVE-2019-3915 and CVE-2019-3916) found by Tenable Research enable a number of attack scenarios that extend to smart devices such as home security systems.
Since these systems are connected to the router and can be compromised remotely, an attacker could potentially tamper with their security settings, change firewall settings or remove parental controls. They could even analyze network traffic to further compromise a victim’s online accounts, steal bank details and swipe passwords.
Renaud Deraison, Co-Founder and Chief Technology Officer at Tenable, explained how routers have become a virtual entry point for potential attackers, saying:
“Routers are the central hub of every smart home today. They keep us connected to the corners of the internet, secure our homes and, even, remotely unlock doors. However, they also act as a virtual entry point into the very heart of the modern home, controlling not just what goes out, but also who comes in.”
Tenable has informed Verizon of its discovery and the telecom has assured users that firmware version 02.02.00.12 will address these vulnerabilities and that affected devices will be updated remotely.
TechRadar Pro reached out to Tenable and the company’s senior research engineer Chris Lyne offered the following advice for Verizon customers, saying:
“A Verizon customer can check their router’s firmware version in a matter of minutes. First, they must log into their router’s web interface. The user is ‘admin’, and the default password is printed on the side of their router. Unless the password has been manually changed, that should log them in. After logging in, click System Monitoring. The firmware version will be displayed. As of now, 02.02.00.13 is the latest version, and it contains the patch. In addition to ensuring they have the updated firmware, other precautions users can take are to disable remote administration on their router. Also, change the router’s administrator password, so it is different from the one on the side of the router.”