Realtek chips are used by all most well-known manufacturers that can be found in VoIP and wireless routers, repeaters, IP cameras, and smart lighting controls. A new vulnerability was recently discovered that allowed hackers to gain complete access to a device, its operating system, and even other network devices.
“Our security researchers have discovered and analyzed this vulnerability, which affects hundreds of thousands of devices. We notified Realtek, and they immediately responded and provided an appropriate patch. Manufacturers using vulnerable Wi-Fi modules are strongly encouraged to check their devices and provide security patches to their users,” said Floran Lukavsky, Managing Director of IoT Inspector.
The vulnerability can only be found by analyzing the firmware directly and checking whether vulnerable components are used in a specific device. IoT Inspector is offering free checks for users and affected manufacturers. Some of the affected manufacturers are companies such as AsusTEK, Belkin, D-Link, Logitech, Netgear, and many more familiar names.
How can a hack be carried out?
The attacker has to be on the same Wi-Fi network as its targeted user. Faulty ISP configuration can also expose vulnerable devices directly to the internet, leading to even more problems on its own. A successful attack would provide full control of the Wi-Fi module and root access to the hacked device’s operating system. The report says that in total, a dozen vulnerabilities were found in the chipset.
“There is currently far too little security awareness for devices in these categories – neither among users, nor among manufacturers, who blindly rely on components from other manufacturers in their supply chain without testing them. As a result, these components or products become an unpredictable risk,” said Lukavsky.
What does this mean to you?
Given that hundreds of thousands, and potentially millions of devices are affected by this vulnerability, and companies aren’t taking additional measures to prevent this from happening again, it means that you are likely to be affected sooner or later. Although Realtek has patched out the issue, it could happen again in the future. If you are concerned, you can take advantage of the free check offered by security specialist, IoT Inspector.