Researchers discover flaws in software-based Router Network Isolation
- The study found multiple flaws in routers from TP-Link, D-Link, Edimax, and Belkin.
- The current technique discovered by the researchers allows for transfer of small amounts of data only.
What is the matter?
A research team at the Ben-Gurion University of the Negev discovered multiple methods to transfer data across two segregated network segments operating on the same hardware.
The researchers used direct or timing-based covert channels to exfiltrate data across networks. The team tested the techniques on seven routers from multiple vendors. Though the method does not allow transfer of large amounts of data, it nonetheless demonstrates critical flaws in software-based network isolation through routers.
The research findings are published in the paper named "Cross-Router Covert Channels" which was presented at the 13th USENIX Workshop on Offensive Technologies (WOOT '19).
What does this mean?
Software-based network isolation through routers is generally considered an effective method to prevent data exfiltration between the networks by attackers. It is a common feature in many modern routers. This is also how many companies divide their internal networks into guest and host networks.
This network separation is performed through the router software rather than by using separate hardware. This type of network insulation prevents access to sensitive or critical systems from any unauthenticated users or users with lower privileges.
However, this new research shows that multiple modern routers can be targeted by attackers to break this arrangement and access sensitive systems.
What is the impact?
The researchers tested devices from multiple vendors including TP-Link, D-Link, Edimax, and Belkin.
“The makers of the devices used for this research were informed of these results in May. Only the security response team from Belkin replied, saying they did not intend to fix the vulnerabilities,” BleepingComputer reported.
The flaws discovered by the researchers are tracked as: