Some researchers would have found a vulnerability in the password manager that allows hackers to remotely acquire access keys
The U.S. company Netgear once again ends up in the eye of the storm. And always for the same problems. The security system of some of its routers would be vulnerable. In fact, hackers would be able to remotely take possession of the administrator password.
The data of millions of users would be in danger again. As reported by some of the main newspapers specialized in computer security, Netgear routers would have a new internal flaw that, in practice, would allow third parties to remotely access private connections. A scoprire la vulnerabilità è stato Simon Kenin, un ricercatore esperto in cyber security presso lo SpiderLabs di Trustwave, un’azienda sempre specializzata in sicurezza informatica. Se siete, dunque, tra coloro che a casa hanno un router prodotto dalla società americana è bene che prestiate particolare attenzione.
Ecco come colpisce la vulnerabilità
Secondo gli esperti, sarebbero circa 31 i modelli dei router in cui sarebbe stata rinvenuta la nuova falla di sicurezza. A finire sotto accusa, sempre facendo riferimento a queste notizie, è il sistema che permette agli utenti di recuperare la password in remoto. È proprio lì, infatti, che si anniderebbe il pericolo. Il ricercatore è stato in grado di recuperare le credenziali di accesso dimenticate del router accedendo al servizio web e sfruttando proprio l’ultima vulnerabilità scoperta. Despite the fact that the American company claims that the remote password manager is disabled by default, there are millions of users who still leave the service "on".
Failure that endangers user data
In practice, experts were able to discover the password using exploits discovered in 2014 that allowed them to identify the new flaw. What are the dangers? Many. The vulnerability could deliver our data into the hands of hackers who, using the new flaw discovered on some of Netgear's most used router models, would be able to access our connections remotely and all Internet of Things devices. What can we do? Check if new firmware is available and download it immediately. The company however admitted the vulnerability and released an update for each router involved.
To find out all the vulnerable models, here is the link (available in English).