The guest Wi-Fi at your home is prone to hacking owing to inadequate in-built security, say researchers. Most routers sold today offer consumers two or more network options – one for the family which may connect all the sensitive smart devices and computers and the other for visitors or less sensitive data.
A study by Israel-based Ben-Gurion University (BGU) indicates that routers from well-known manufacturers are vulnerable to cross-router data leaks through a malicious attack on one of the two separated networks.
“All of the routers we surveyed regardless of brand or price point were vulnerable to at least some cross-network communication once we used specially crafted network packets,” said Adar Ovadya from BGU’s department of software and information systems engineering.
Less sensitive data may include multimedia streams or environmental sensor readings. In the paper, the researchers demonstrated the existence of different levels of cross-router covert channels which can be combined and exploited to either control a malicious implant, or to exfiltrate or steal the data.
In some instances, these can be patched as a simple software bug, but more pervasive covert cross-channel communication is impossible to prevent, unless the data streams are separated on different hardware.
“A hardware-based solution seems to be the safest approach to guaranteeing isolation between secure and non-secure network devices,” Ovadya added.