For the privileged Americans that can get fiber internet to their home with blazing fast upload/download speeds, there might be more to worry about than blowing through their data allotment in a couple days. Reports are surfacing that various GPON home routers have flaws that could allow nefarious hackers to bypass all authentication on the devices.
The method of bypassing authentication is as simple as attaching an image suffix to the URL of a GPON HTTP server. VpnMentor says that after the initial authentication is bypassed, a command injection vulnerability (CVE-2018-10562) to run commands on the device can be executed. These two critical vulnerabilities, when combined, can allow complete control of the home network.
The company said, “While looking through the device functionalities, we noticed the diagnostic endpoint contained the ping and traceroute commands. It didn’t take much to figure out that the commands can be injected by the host parameter. Since the router saves ping results…and transmits [them] to the user…it’s quite simple to execute commands and retrieve their output with the authentication bypass vulnerability.”
These vulnerabilities would allow an attacker to see the IP address of specific routers and in some cases match those to physical addresses. The attacker could also see what the user is doing online. Skilled attackers could also set up a man-in-the-middle phishing page to harvest user credentials.
“There’s a privacy aspect here too,” explained Ariel Hochstadt, co-founder of vpnMentor, in an interview with ThreatPost. “It’s possible to take an entire browsing history for someone from the last 30 days and send it to all of their friends, via Facebook or mail, because you have access to the browsing history and you can skim credentials.”
GPON is a fiber-based passive optical network ISP deployment, it is viewed by many as the future of broadband. “We tested this vulnerability on many random GPON routers, and the vulnerability was found on all of them,” the vpnMentor researchers said. “Because so many people use these types of routers, this vulnerability can result in an entire network compromise.”