Windows 10 News and info | Forum
December 11, 2018, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Chrome vulnerability leaves Wi-Fi networks open to attack  (Read 78 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 29272


I Do Windows


WWW Email
« on: September 06, 2018, 11:32:02 AM »
ReplyReply

Millions of home Wi-Fi networks could be easily hacked, even when the network is protected by a strong password, thanks to a flaw in Chrome-based browsers.

Researchers at cybersecurity and penetration testing consultancy SureCloud have uncovered a weakness in the way Google Chrome and Opera browsers, among others, handle saved passwords and how those saved passwords are used to interact with home Wi-Fi routers over unencrypted connections.

By design, Chrome-based browsers offer to save Wi-Fi router administration page credentials and re-enter them automatically for users' convenience. As most home routers do not use encrypted communications for management tasks, the researchers were able to exploit this automatic credential re-entering to both steal the router login credentials and use them to capture the Wi-Fi network password (PSK) with only a single click required by the user for the attack to succeed.

The weakness applies to any browser based on the Chromium open source project, such as Google Chrome, Opera, Slimjet, Torch, and others. Any router that has an administration portal delivered over cleartext HTTP by default (or enabled) would be affected by this issue, which makes router and device updates impractical.

The issue was responsibly disclosed to Google's Chromium project (which develops the code for Chrome and other browsers) on March 2nd 2018. Chromium responded the same day, saying that the browser feature was ‘working as designed’ and it does not plan to update the feature.

"There is always a trade-off between security and convenience, but our research clearly shows that the feature in web browsers of storing login credentials is leaving millions of home and business networks wide open to attack -- even if those networks are supposedly secured with a strong password," says Luke Potter, SureCloud's cybersecurity practice director. "We believe this design issue needs to be fixed within the affected web browsers, to prevent this weakness being exploited. In the meantime, users should take active steps to protect their networks against the risk of being taken over."

Recommended steps include only logging in to your Wi-Fi router for configuration or updating using a separate browser or an Incognito browser session. Also clearing your browser's saved passwords and not saving credentials for unsecure HTTP pages, deleting saved open networks and not allowing automatic re-connection to networks, and changing pre-shared keys and router admin credentials as soon as possible.

You can see a video of the attack in action below.



source
Logged



Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page November 19, 2018, 01:09:21 PM