Netgear router exploit discovered
A US security researcher has said that his Netgear router was hacked after attackers found a flaw in the machine.
Joe Giron told the BBC that he discovered the altered administrator settings on his router in September. The compromised router was then customised to send website browsing information to a malicious Internet address.
Netgear says that the vulnerability is serious, however it affects less than 5,000 devices. Mr Giron discovered that the DNS settings in his router had been changed to a suspicious IP address and that “for two or three days all my DNS traffic was being sent over to them”.
This means that the attacker could have tracked which websites that Mr Giron was visiting and even redirected him to malicious websites. The vulnerability has also been documented by security researchers Compass Security and Shellshock Labs.
“Is it serious? Yes it definitely is,” said Jonathan Wu, senior director of product management at Netgear, one of the top three router brands in the US.
“Because whenever anybody gets access to your router, they can alter settings to direct traffic to places you don’t want it to go to.”
Netgear has confirmed that the patch for the router will be released on Wednesday 14th October and that users would be prompted to update their firmware when logged into the admin settings or via the application.