Modern Wi-Fi routers have been found to be vulnerable to a dangerous vulnerability due to a technical design issue. A research team uncovered that the problem lies within the specifications of the network protocols and until changes into them are made it is probable the issue will remain unfixed.
Network Design Protocols Make Wi-Fi Routers Vulnerable to Hackers
Wi-Fi routers have been found to be vulnerable to a new type of attack, one that is dependant on problems in the network design protocol implementation. This was discovered by a team of researchers showcasing that there is a fundamental weakness in the Wi-Fi design. They were made over 20 years and changes to their implementation is regarded as very difficult, this is the reason why reports indicate that the bugs are practically unfixable.
The weakness basically allows malicious hackers to spoof network packets. The exploit requires the victim user to visit a specific site controlled by the hackers. The site will execute a JavaScript code that will establish a TCP connection to a banking site or another target. The victim user is not made aware that this connection has been made. When the target banking site is visited by the user the cached page will actually be a counterfeit copy. This poisoning attack does not work with encrypted sites — those that use HSTS, HTTPS and Ethernet connections.
During the testing of the bug the analysis shows that some banking websites use ordinary HTTP protocols for their home pages and the secure connections are made when the users are redirected to the actual online banking landing pages. This is particularly important as the users can be redirected to a fake page easily.
Other malicious actions that can be caused by abuse of the Wi-Fi routers protocols implementations include spread of fake news and information theft. The experts also note that advanced configurations and techniques can lead to espionage attempts.
A permanent solution to the problem is to program the routers to operate on different frequencies when transmitting and receiving data. This may require changes to the protocols which would require a core revision of the specifications.