Millions of routers are potentially vulnerable to attack reports PAT PILCHER on the latest tech scare.
Spark and Skinny subscribers using the default Spark-supplied router may have just dodged a bullet with their name on it. A vulnerability in the web interface of routers that use Arcadyan firmware could potentially allow remote attackers to bypass authentication, gaining unauthorised access to networks. With a growing number of homes using smart speakers, cameras, and smart doorbells, not to mention doing online shopping, the vulnerability has the potential to be very serious indeed.
Would you like to support our mission to bring intelligence, insight and great writing to entertainment journalism? Help to pay for the coffee that keeps our brains working and fingers typing just for you. Witchdoctor, entertainment for grownups. Your one-off (or monthly) $5 or $10 donation will support Witchdoctor.co.nz. and help us keep producing quality content. It’s really easy to donate, just click the ‘Become a supporter’ button below.
A huge number of routers spanning many brands is affected, with security experts estimating that the number of potentially vulnerable routers could be in the millions. The security flaw was discovered by security researchers Tenable who published an advisory and added proof-of-concept code.
Bizarrely, the vulnerability appears to have been around for some time before it was discovered. Tenable says the vulnerability existed for at least 10 years. This resulted in the vulnerability reaching 20 different router models from over 17 vendors, including Spark and Skinny.
A Spark spokesperson says that while “Spark is aware of a security vulnerability that is present on one of the modems offered to Spark and Skinny broadband customers (Spark Smart Modem – Arcadyan VRV9517) the good news is that Arcadyan has advised us that they do not believe the vulnerability could currently be successfully exploited on our Spark and Skinny modems due to their specific build. Our own testing supports this.”
So, what should Spark and Skinny users with Arcadyan routers do? Spark says that “Spark and Skinny push out upgrades to our modems regularly, so customers should have the latest version. However, checking they are on the latest version can’t hurt.”
Another pointer says Spark is disabling remote WAN web admin if it is enabled. All spark modems have Remote WAN web admin turned off by default. Some customers may have turned it back on to let an IT company remotely manage their router. Spark says that while they do not currently believe that enabling this setting makes the router vulnerable, they suggest that it is good practice to have it disabled if possible.
Thankfully it appears to be a short-term issue as Spark is saying that they “have been working with Arcadyan and have been testing a new version of the modem software with a fix for the vulnerability since last week. As soon as this version is ready, it will automatically be pushed out to the relevant Spark and Skinny Smart Modems.”