Fibre broadband routers vulnerable to hackers

Monday, 21 May, 2018

According to cybersecurity researchers at VPN Mentor, a million fibre-optic broadband routers contain a critical vulnerability that allows hackers to bypass security and take over devices. Specifically, the vulnerability enables hackers to bypass the authentication process on the routers' HTTP servers.

The researchers said one million Gigabit Passive Optical Network (GPON) routers contained the vulnerability. GPONs are networks that rely on optical cables to deliver data.

Compared with standard copper wire, GPONs are 95% more energy efficient and provide a low-cost solution by consolidating multiple services onto a single fibre transport network, which makes them extremely popular in urban areas.

The GPON routers were manufactured by a Korean firm called Dasan Networks. VPN Mentor had contacted the company, but had not yet received a reply. Researchers identified that half of the infected routers were located in Mexico, while a large number were found in Kazakhstan and Vietnam.

VPN Mentor said that because so many people use these types of routers, the vulnerability could result in entire networks being compromised. The flaws could allow hackers to spy on the user or any connected device within those networks.

The latest flaws expose the fact that many network devices can be prone to vulnerabilities in their web interfaces. And this has led to widespread criticism of the manufacturers.

Many manufacturers totally ignore admin interface security, creating huge risks for their users. Worse, some of the devices don’t even have any update mechanisms, making them unusable once a high-risk vulnerability is discovered.

Others have quite complicated update processes for common users, and unsurprisingly very few customers have their firmware up to date. Users should ascertain that their home routers and other connected devices are inaccessible from the outside and keep their firmware up to date whenever possible.

- Ilia Kolochenko: CEO, High-Tech Bridge

Complicating the matter is that users of these routers may not know if the flaws are being fixed. These products tend to have a short shelf-life, with manufacturers quick to end ongoing support for existing models and move on to developing new ones.

Also, service providers will often lock down that part of the user interface so only they can update it, leaving the user unable to upgrade the software themselves.

VPN Mentor strongly recommends that users check whether their router uses the GPON network, be aware that these routers can be exploited and hacked, and contact their ISP to see what they can do to fix the problem.

Tim Bamford


Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.
