Advertisement

Get those Verizon Fios routers patched, Tenable says

The research highlights the extent to which routers can be a gateway for hackers into networked homes.
(Getty)

If hackers managed to exploit vulnerabilities in widely used Verizon Fios routers, they would have full control of a wireless home network and access to devices connected to them, researchers said Tuesday.

The new vulnerabilities, uncovered by cybersecurity company Tenable, point to underlying security issues in Verizon Fios Quantum Gateway routers, which are given to new customers unless they opt out. In tinkering with his Fios router, Chris Lyne, a Tenable researcher, showed how an attacker could change security settings on the router or capture login requests sent through the device.

The research highlights the extent to which routers can be a gateway into networked homes. An attacker who is authenticated to the router’s administrative web portal could exploit one of the vulnerabilities to gain root-level access to the router, Lyne said. The exploit can be run through two possible password parameters, which load a script on the router’s web interface.

Root-level access would allow attackers to record internet traffic relayed through the router or to probe other devices connected to it. While a hacker would generally need access to a local network to do that, Tenable said a remote attack is possible if a setting on the router is enabled.

Advertisement

Verizon issued a firmware patch to address the vulnerabilities, and Lyne praised Verizon and software vendor Greenwave Systems for working together on the fix.

Lyne’s discoveries are the latest cautionary tale in how the hyper-connectivity of the smart home can be abused by hackers. Last month, researchers with Trend Micro showed how an attacker could disable the motion sensors used to secure certain homes.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts