April 9, 2019
Threat actors could gain complete control of home routers and access to network traffic without needing physical access to the device
Tenable®, Inc., the Cyber Exposure company, today announced that its research team has discovered multiple vulnerabilities in Verizon Fios Quantum Gateway routers. If exploited, the vulnerabilities would give an attacker complete control over the router and visibility into everything connected to it. Millions of these devices are currently in use in U.S. homes.
The rise of the smart home has turned the humble router into a top target for cybercriminals. These latest vulnerabilities discovered by Tenable Research (CVE-2019-3914, CVE-2019-3915 and CVE-2019-3916) enable a number of attack scenarios that extend to smart devices, such as home security systems, that are connected to the router and can be compromised remotely. An attacker could tamper with the security settings of the device, change firewall rules or remove parental controls. They could sniff network traffic to further compromise a victim’s online accounts, steal bank details and swipe passwords.
“Routers are the central hub of every smart home today. They keep us connected to the corners of the internet, secure our homes and, even, remotely unlock doors,” said Renaud Deraison, co-founder and chief technology officer, Tenable. “However, they also act as a virtual entry point into the very heart of the modern home, controlling not just what goes out, but also who comes in.”
Verizon has advised that firmware version 02.02.00.13 will address these vulnerabilities and that affected devices will be updated remotely. Users are urged to confirm their device is updated to this version and to contact Verizon with any questions.
For more technical information on the vulnerabilities, read the Tenable Research blog post on Medium.
Tenable®, Inc. は、Cyber Exposureのソリューションを提供する会社です。27,000の企業がサイバーセキュリティリスクを把握し低減するためにTenableを採用しています。Nessus® の開発者であるTenableは、脆弱性に対する専門性をさらに広げ、あらゆる情報資産やデバイスの脆弱性を管理、保護できる世界初のセキュリティプラットフォーム「Tenable.io®」を展開しています。Tenableのセキュリティプラットフォームは、米国ビジネス誌Fortuneが選定する『Fortune 500』(総収入に基づいた全米上位500社) に選ばれている企業の50%、世界の有力企業2000社の25%に導入されています。詳細は www.tenable.com へ。