As cybersecurity solutions tighten up and prevent many attacks, threat actors are looking for new and innovative ways to attack systems. This has led to a rise in attacks that start “outside and below the operating system layer,” such as firmware attacks and ransomware attacks through VPN devices or other internet-facing devices, as Microsoft explains. Securing the software that runs devices such as routers is therefore critical, as the Redmond-based company’s latest findings show.
In a post published on the Microsoft Security blog yesterday, the MS365 Defender Research Team describes how, while researching device fingerprinting within Microsoft Defender for Endpoint, it noticed some interesting activity. Microsoft Defender had flagged that “a device owned by a non-IT personnel was trying to access a NETGEAR DGN-2200v1 router’s management port,” which is not normal behaviour. Although the communication with the router was encrypted, that did not stop the team, which decided to examine the router and its firmware for security weaknesses.
After unpacking the router’s firmware, the researchers found three vulnerabilities that could be exploited reliably. The first was an authentication bypass: appending .jpg, .gif, or another file type to the URL let an attacker reach any page of the router’s web management interface without logging in. Once an attacker has control of a router, they could use the second vulnerability, a timing side channel. Because the string comparison against the actual password stops at the first mismatching character, the time it takes to fail reveals whether each guessed character is correct, letting an attacker recover a username and password character by character. Alternatively, after exploiting the first vulnerability, the attacker could use the third to obtain the username and password in plaintext.
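As an added illustration (constructed here, not code from the NETGEAR firmware or from Microsoft’s write-up), the C below contrasts a substring-based exemption for static files, which lets any URL containing an image extension skip the login, with a check that requires the extension to end the actual path, and adds a constant-time credential comparison of the kind that closes the timing side channel described above. The URLs and credentials are made-up sample values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static const char *const kPublicExts[] = { ".jpg", ".gif", ".css", ".js" };
#define N_EXTS (sizeof kPublicExts / sizeof *kPublicExts)

/* Weak check (constructed example of the failure class): the extension is
 * searched for anywhere in the request, so "/setup.cgi?f=.jpg" is treated
 * as a public image and bypasses the login. */
bool weak_is_public(const char *url) {
    for (size_t i = 0; i < N_EXTS; i++)
        if (strstr(url, kPublicExts[i]) != NULL)
            return true;
    return false;
}

/* Hardened check: ignore the query string and fragment, then require the
 * extension to terminate the path itself. Only a genuine static asset is
 * exempt from authentication. (Path normalisation is out of scope here.) */
bool hardened_is_public(const char *url) {
    size_t plen = strcspn(url, "?#");            /* length of the path part */
    for (size_t i = 0; i < N_EXTS; i++) {
        size_t elen = strlen(kPublicExts[i]);
        if (plen >= elen && memcmp(url + plen - elen, kPublicExts[i], elen) == 0)
            return true;
    }
    return false;
}

/* Constant-time credential comparison: every byte of the stored secret is
 * examined regardless of where the first mismatch is, so the response time
 * no longer tells the caller how many leading characters were right. */
bool ct_equal(const char *input, const char *secret) {
    size_t li = strlen(input), ls = strlen(secret);
    uint8_t diff = (li != ls);                   /* length mismatch counts */
    for (size_t i = 0; i < ls; i++)
        diff |= (uint8_t)(secret[i] ^ (i < li ? input[i] : 0));
    return diff == 0;
}

int main(void) {
    const char *probe = "/setup.cgi?f=.jpg";     /* constructed sample URL */
    printf("weak:     %s -> public=%d\n", probe, weak_is_public(probe));
    printf("hardened: %s -> public=%d\n", probe, hardened_is_public(probe));
    printf("ct_equal(\"admin\",\"admin\")=%d\n", ct_equal("admin", "admin"));
    return 0;
}
```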
After these were found, Microsoft disclosed its findings to NETGEAR, which has now fixed the issues and is recommending that NETGEAR DGN-2200v1 owners update their firmware. However, this is just one router model among thousands, and each likely has undiscovered vulnerabilities of its own. This is why Microsoft “emphasize[s] the importance of securing the full range of platforms and devices, including IoT,” as you never know what is next in the hacker’s playbook.