Latest in Gear

Image credit:

Data-stealing router malware bypasses web encryption

It also inserts hostile code and targets devices on the network.
Jon Fingas, @jonfingas
June 6, 2018
Share
Tweet
Share

Sponsored Links

Joseph Branston/Official Windows Magazine via Getty Images

A recently discovered strain of router malware appears to be much worse than thought. Cisco Talos has learned that VPNFilter can not only render devices unusable, but can bypass the SSL encryption you often see on the web. A module in the malware intercepts outgoing web requests to turn them into non-secure (that is, basic HTTP) requests, helping it steal sign-ins and other sensitive data when possible. It can also use man-in-the-middle attacks to insert hostile JavaScript into outside websites, and target devices beyond the router itself, such as PCs on the local network.

The rogue software targets many more devices than first thought, too. While a late May report focused on a handful of routers and network storage devices from Linksys, MikroTik, Netgear, QNAP and TP-Link, the vulnerability is now known to affect both more models from those brands as well as ASUS, D-Link, Huawei, Ubiquiti, Upvel and ZTE.

Significantly, VPNFilter isn't just infecting every device it can. Symantec noted that it's "particularly interested" in targets in Ukraine, suggesting that Russia or another politically motivated actor might be involved.

There are ways to minimize or eliminate the threat. MikroTik and Netgear note that newer firmware updates should protect against VPNFilter, and the FBI has seized a domain the malware used for its command and control system. QNAP has a malware removal tool. However, the scale of the threat is more than a little disconcerting, and there are many people and companies that rarely upgrade their firmware. It's possible that a new variant could switch to a new domain and infect more devices with little resistance.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

LG's rollable OLED TV goes on sale for $87,000

LG's rollable OLED TV goes on sale for $87,000

View
The SSC Tuatara has broken 330 mph and shattered a world speed record

The SSC Tuatara has broken 330 mph and shattered a world speed record

View
Can Evernote make a comeback?

Can Evernote make a comeback?

View
Living with TCL's 8-series 4K TV: Quality without paying for OLED

Living with TCL's 8-series 4K TV: Quality without paying for OLED

View
Sony plans to optimize the PS5's fan speed using game data

Sony plans to optimize the PS5's fan speed using game data

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr