Thousands of Orange routers are leaking WiFi passwords

This flaw would allow hackers to perform various malicious activities

Cybersecurity and ethical hacking experts from the International Institute of Cyber Security report that a critical vulnerability present in about 20k routers from the manufacturer Orange has resulted in SSIDs and WiFi passwords leaking. In addition to the information-leaking devices, over 2k routers have been classified as being exposed to Internet attacks.

The company’s honeypots first detected attack traffic directed at Orange Livebox ADSL modems. After running a search on Shodan, cybersecurity expert Troy Mursch found that 19,490 devices of this type leaked their WiFi credentials in plain text.

According to the expert's report, many of the devices leaking WiFi passwords use the same access keys for device administration, or have no password set by the admin at all, so attackers can find the default passwords very easily.

“The vulnerability would allow a remote attacker to access the compromised router and modify the device or firmware settings. In addition, attackers could get the phone number linked to the router and perform other hacking or social engineering activities,” said the cybersecurity expert.

According to Mursch’s report, most of the compromised routers are in Spain; in addition, the attack traffic has been linked to an IP address associated with a client of the company Telefónica España.

“At the moment we do not know the reasons for the attack, although we find it interesting to discover that the source is in a nearby location, even though we thought it was a malicious actor in another country,” the expert mentioned. “This could allow attackers to connect to the WiFi network if they were closer to one of the indexed modems in the search on Shodan.”

The vulnerability, tracked as CVE-2018-20377, is already being investigated by Orange. Further company reports are expected over the next few days. For many cybersecurity experts, most home-use routers remain an important vector for deploying cyberattacks due to their limited security measures, so hackers can use these devices to build huge botnets. Recently, a group of researchers discovered a botnet composed of more than 100k compromised devices, mainly domestic-use routers.