A vulnerability affecting hundreds of routers in Singapore could have given hackers complete access to connected devices.
According to a blog post by researchers at cybersecurity specialists NewSky Security, Singapore ISP Singtel opened up port-forwarding to fix a technical issue on their routers, but forgot to close the ports afterwards. That vulnerability allowed access to all devices connected to the affected hardware.
Research lead Ankit Anubhav – who discovered the flaw, dubbed ‘ForgotDoor’ – said that the affected routers had port 10000 wide open, meaning that they could easily be accessed and controlled by attackers. Around 975 routers have been found to be affected so far.
While the routers’ login feature was disabled, hackers could still use the flaw to access administration settings to re-enable login and change the router’s password.
“Once a new password is set, it might cut off future connections to the original owner of the device,” said Anubhav. He added that the routers were all connected to multiple devices, which meant that those too would have been open to compromise.
Port forwarding now disabled
Douglas Mun, deputy director in charge of SingCERT at the Cyber Security Agency of Singapore, said, “The ISP SingTel has now disabled port forwarding to port 10000 for the affected routers. Port forwarding was enabled by their customer service staff to troubleshoot Wi-Fi issues for their customers, and was not disabled when the issues were resolved.
“ISP SingTel will be taking measures to ensure that port forwarding is disabled after troubleshooting has completed,” he said.
Anubhav said that one way to prevent attacks in these scenarios would be to allow IoT devices to connect via non-standard ports. “For example, setting up SSH on an unusual port can save the device from a lot of brute-force attacks that are designed to attack the default SSH port, which is 22,” he said.
“However, this practice should never be considered as a replacement for basic IoT security. With easily available crawling scripts and services like Shodan, it is easy for attackers to find out which unusual ports are being used.”
Anubhav added that while responsibility for fixing holes in IoT security may lie with vendors and ISPs, there are still actions that end users can take to improve their overall resilience against attack.
“The various levels of IoT attacks can be combated with cautious port forwarding, strong authentication, a trustable firewall or other IoT security mechanism, and regular updates,” he said.