Many home routers could be giving hackers access for their illegal activity: the situation is worrying.

Home routers could be under threat from recently revealed illegal hacker activity. Indeed, a firmware would cause damage to many devices of this type.


Homes and offices that use a router could be part of a network that stealthily carries data to servers said to be run by Chinese cybercriminals. This would all happen through a backdoor that allows hackers to transfer files to and from infected devices.

This situation was revealed in an article published by Check Point Research. The process was carried out through the TP-Link router, with C++ code written in great detail. The situation therefore seems worrying, but what is actually happening? Let's get into the details.

Home and Business Routers Under Attack: The Situation

According to the specialized portal's article, home and business routers are involved not in order to hit their individual owners, but rather as a means to create a network of infected nodes, so that hackers can keep control and transfer data without anyone knowing where it comes from or where it goes.

In their investigation, the researchers analyzed attacks against some European foreign affairs entities. There they identified a backdoor named Horse Shell. This backdoor has 3 features:

  • The ability to manage and execute commands on the infected device remotely;
  • Transferring and downloading files to and from the infected device;
  • Data exchange through a protocol called SOCKS5.

The article makes clear that the SOCKS5 function makes it possible to create a chain of devices that establish encrypted connections with their two closest nodes. This would allow hackers to route traffic to the command and control server.

Doubts about how the process is triggered: hypotheses

While the infrastructure appears quite clear to the researchers, the question of how this backdoor is installed on the various devices is a different matter. There are two leading hypotheses: the first is that the hackers exploit vulnerabilities in the device, while the second is that the cybercriminals get in through weak administrative credentials.

The situation therefore appears very complicated and, as the researchers underline, difficult to resolve. All that remains is to wait for the story to develop, while also paying attention to another threat that can start from the modem.


Philip Owell
