In our continuing effort to educate our readers about important security events, I’m updating everyone on the ‘VPNFilter’ vulnerability found on a very large number of routers. We’ve had some feedback and questions regarding this event, and I hope to answer these in this post.
First, an update. The news regarding the vulnerability found in network routers gets worse. The article from Ars Technica further outlines that the capabilities of this exploit are far more sophisticated than previously assumed. The article states that the vulnerability allows a ‘man-in-the-middle’ attack. It also aggressively works to downgrade security features such as SSL in an effort to steal account usernames and passwords. The quote below from the Ars Technica article demonstrates the severity of this situation:
“Initially when we saw this we thought it was primarily made for offensive capabilities like routing attacks around the Internet,” Craig Williams, a senior technology leader and global outreach manager at Talos, told Ars. “But it appears [attackers] have completely evolved past that, and now not only does it allow them to do that, but they can manipulate everything going through the compromised device. They can modify your bank account balance so that it looks normal while at the same time they’re siphoning off money and potentially PGP keys and things like that. They can manipulate everything going in and out of the device.”
Secondly, it has been asked if this situation is less severe since the FBI has managed to counteract it in some way. We believe that this is still an extreme danger because this vulnerability was made internationally known, and it still exists in the wild. Closing down the operation that initially created it does nothing to stop others from using the vulnerability again.
This vulnerability goes right to the heart of internet usage, and bypasses all security you may have in place on your PC. We at ACS believe this is a direct threat not only to your home PCs, but also to ANY network you access from home, including your business networks. If you are using the devices affected by this vulnerability to access your work network, you are at risk.
This type of vulnerability has been around a long time, and I’m betting this isn’t the last time we see headlines in this vein. Low-end consumer internet devices are not designed to provide security. Their primary job in life is to get you on the internet. You cannot expect them to protect you; they weren’t designed to provide protection. If you are utilizing the internet for banking, work, or to access secure information, we highly recommend getting a true internet security appliance.
If you’d like to talk to me about what we do for security feel free to call me at 231-933-6333 x 1000 or email at firstname.lastname@example.org.