Millions of home Wi-Fi networks could be easily hacked, even when the network is protected by a strong password, thanks to a flaw in Chrome-based browsers.
Researchers at cybersecurity and penetration testing consultancy SureCloud have uncovered a weakness in the way Google Chrome and Opera browsers, among others, handle saved passwords and how those saved passwords are used to interact with home Wi-Fi routers over unencrypted connections.
By design, Chrome-based browsers offer to save Wi-Fi router administration page credentials and re-enter them automatically for users’ convenience. As most home routers do not use encrypted communications for management tasks, the researchers were able to exploit this automatic credential re-entering to both steal the router login credentials and use them to capture the Wi-Fi network password (PSK) with only a single click required by the user for the attack to succeed.
The weakness applies to any browser based on the Chromium open source project, such as Google Chrome, Opera, Slimjet, Torch, and others. Any router whose administration portal is delivered over cleartext HTTP, whether by default or because it has been enabled, is affected by this issue, which makes fixing it through router and device updates impractical.
The issue was responsibly disclosed to Google’s Chromium project (which develops the code for Chrome and other browsers) on March 2nd 2018. Chromium responded the same day, saying that the browser feature was ‘working as designed’ and it does not plan to update the feature.
“There is always a trade-off between security and convenience, but our research clearly shows that the feature in web browsers of storing login credentials is leaving millions of home and business networks wide open to attack — even if those networks are supposedly secured with a strong password,” says Luke Potter, SureCloud’s cybersecurity practice director. “We believe this design issue needs to be fixed within the affected web browsers, to prevent this weakness being exploited. In the meantime, users should take active steps to protect their networks against the risk of being taken over.”
Recommended steps include logging in to your Wi-Fi router for configuration or updating only from a separate browser or an Incognito browser session; clearing your browser’s saved passwords and not saving credentials for unsecured HTTP pages; deleting saved open networks and not allowing automatic re-connection to networks; and changing pre-shared keys and router admin credentials as soon as possible.
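One way to act on the "do not save credentials for HTTP pages" step is to audit a browser password export for entries saved against cleartext origins. The script below is an added example, not code from SureCloud or the Chromium project; it assumes a CSV export with `name,url,username,password` columns, and the function names and sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the assumed export layout; every value is made up.
SAMPLE_EXPORT = """name,url,username,password
router,http://192.168.1.1/login.htm,admin,example-not-real
nas,https://192.168.1.20/,admin,example-not-real
shop,https://shop.example.com/account,alice,example-not-real
printer,http://printer.local/,admin,example-not-real
forum,http://forum.example.org/login,alice,example-not-real
"""

def is_local_host(host):
    """True for private, link-local or loopback IPs and for local-looking names."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_link_local or ip.is_loopback
    except ValueError:
        pass  # not an IP literal, fall through to the hostname checks
    host = host.lower().rstrip(".")
    # Single-label names and common home-network suffixes (a heuristic).
    return "." not in host or host.endswith((".local", ".lan", ".home"))

def audit_saved_logins(csv_text):
    """Return (severity, host, username) for every login saved on an http:// origin."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        parts = urlsplit(row.get("url") or "")
        if parts.scheme.lower() != "http" or not parts.hostname:
            continue  # HTTPS and non-web entries are out of scope here
        # Router-style admin pages on the local network are the case the
        # article describes; other cleartext sites are reported separately.
        severity = "local-device" if is_local_host(parts.hostname) else "cleartext"
        findings.append((severity, parts.hostname, row.get("username") or ""))
    return sorted(findings)

if __name__ == "__main__":
    for severity, host, user in audit_saved_logins(SAMPLE_EXPORT):
        print(f"{severity:12} {host:22} saved user: {user}")
```

Entries reported as `local-device` are the ones to delete from the password store first, followed by changing the credential on the device itself; the script never prints the password column.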