According to a blog post by security researcher Joseph Hutchins that first went live in August, upwards of 138,000 AT&T wireless routers may have a critical security vulnerability that could leave many of its customers open to an attack.
Five flaws altogether were discovered in the company’s “Arris”-branded routers, though even more are said to potentially affect other OEM AT&T U-verse modems regardless of make or model. The attack is able to bypass any security measures that a user may have put in place, as well as the internal firewall through a publicly-available set of credentials.
Once the hacker is in range of the router, he can either use the credential crack or a brute force of the half-completed MAC address to get in. The latter bug may have been a result of AT&T’s staff support methodology, which leaves a channel open that technicians can use to remotely troubleshoot internet issues without having to send someone out to the address physically.
Hutchins says that while a feature like this may be innocuous on the surface, something appears to have gone “terribly wrong” when it came to coding extra security layers around that backdoor.
A spokesperson for Arris wasn’t willing to release any specific details about the hack, saying only that “…ARRIS is conducting a full investigation in parallel and will quickly take any required actions to protect the subscribers who use our devices”.
In order to prevent these kinds of bugs and backdoors from effecting your internet security experience, we recommend picking up any one of the top 5 routers that made our list of the best routers for 2018.