Wednesday, February 19, 2014

AVM Fritzbox routers vulnerable even without remote access activated - ZDNet.de

AVM Fritzbox routers are evidently vulnerable even when the remote access feature is switched off. This is the finding of an analysis by Heise Security. According to it, the vulnerability, which has since been closed by a firmware update, has nothing to do with remote access.

Fraudsters used Fritzbox routers remotely for abusive phone calls (Image: AVM)

By exploiting the vulnerability, an attacker could take complete control of the router and execute arbitrary commands with root privileges, they say. To do so, he only has to get the user to open a website infected with malicious code.

AVM has so far not commented specifically on the findings of Heise Security. In a brief statement, the Berlin-based company said only: “In media reports and forums there is currently speculation about other possible avenues of attack on the Fritzbox. Due to the ongoing investigation and to avoid imitations, AVM cannot comment on these reports.”

At the same time, AVM reiterated that the attacks on the Fritzbox took place exclusively from the outside via port 443. Regardless of whether remote access is activated, it recommends that all users install the security update provided, because it offers “the best protection against potential attacks”.

However, this recommendation is evidently far from having been followed by all Fritzbox owners. Last week AVM spoke of an update rate of 20 percent. After a stark warning from the Federal Office for Security in Information Technology (BSI), more Fritzbox users are likely to have updated the firmware on their routers.

The security update is so far available for 23 router models. AVM is also working on updated firmware for the international versions. The patch itself and an installation guide can be found on the AVM website.

On an unpatched device, an attacker can access all configuration data stored in the Fritzbox and manipulate it. It is also possible to read out the access data for e-mail accounts or other online services, where the user has entered them in the Fritzbox. In addition, attackers are able to make expensive phone calls to value-added services via the Fritzbox at the owner's expense.

Update of 19 February, 14:30: Meanwhile, AVM has released a list of all affected Fritzbox routers. Some of them will be updated directly by the network operator. For the models 5188 and Alice 3331 there is no update yet, but one is “in preparation”.
