As if there wasn’t enough news going around about software and hardware security vulnerabilities, Carnegie Mellon has announced that Belkin N600 DB routers are at risk of being hijacked. In its advisory, CERT said that unauthenticated attackers could take control of the Belkin router and spoof DNS, redirecting the user to malicious websites, or even change the device configuration remotely.
In its report, Carnegie Mellon said that the Belkin N600 routers don’t require a password by default to access the administration interface, meaning that attackers wouldn’t have to authenticate at all to hijack the router. CERT also said that it was not aware of any patches to remedy the problem and advised users to set strong passwords for both the management interface and the Wi-Fi network to avoid attacks.
Additionally, CERT said that users of the Belkin router should NEVER surf the internet while they have the administration interface open, as doing so would expose the functions of the router to the internet, leaving easy access for an attacker.
Unfortunately, there is no way to fix the security issue without Belkin issuing a new patch to remedy the problem. It seems that the best protection available is an old but effective strategy: use strong passwords.