Putin might already have your Wi-Fi password

Putin face copy

Russian hackers are trying to gain access to Western internet routers and data switches.
Routers and switches control how you access the internet, and how the internet gets to you. They are found in the kind of Wi-Fi network router box you might have in your own home and the kind of huge corporate networks that link employees’ computers together.
Cisco has warned customers to disable older versions of its Smart Install products to prevent Russian hacking.
Russia could use affected devices to launch widescale denial of service attacks that paralyze the internet.

The Russians are hacking into Western internet routers and data switches in order to read all the internet traffic that flows through them, according to an unusual joint announcement from UK and US cyber-security services.

If they are successful — and the UK’s National Cyber Security Centre (NCSC) says they have been — they could be able to see everything you do on the web. Anytime you punch in your Wi-Fi, bank, or social media passwords, hackers can record that information, if your web activity goes through any routers or switchers they have breached.

Routers and switches control how you access the internet, and how the internet gets to you. They are found in the kind of Wi-Fi network router box you might have in your own home and the kind of huge corporate networks that link together employees’ computers with their printers, servers, and data centers. Switches control traffic inside a network, making sure it all goes to the right place. Routers control traffic between networks. If you can see the traffic going through these devices, you can pretty much see everything.

One of the vulnerabilities they’re using is a flaw in older versions of Cisco’s Smart Install product. That software allows network administrators to control their internet switches remotely.

Cisco describes the product this way: “Smart Install is a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. You can ship a switch to a location, place it in the network and power it on with no configuration required on the device.”

The problem is that the Russians can now do that, too.

“Imagine, for example, a massive distributed denial of service attack where the source of the attack was home routers – who would you blame?”

Cisco warns its customers to disable the product after it has been used precisely to prevent this kind of hack. But many people forget, leaving the software in command of the switches:

“Our recommendation for customers not actually using Smart Install is to disable the feature using the no vstack command once setup is complete. … If not properly disabled or secured following setup, Smart Install could allow for the exfiltration and modification of configuration files, among other things, even without the presence of a vulnerability.”

The NCSC warned about Russian spying through routers in August 2017. It said British telecoms and internet service providers had been hacked:

“The NCSC is aware of a number of router compromises in telecommunications companies and Internet Service …read more

Source:: Business Insider – Tech

(Visited 2 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *