There’s an internet router in just about every home and office. They’re relatively inexpensive devices which – because of their low cost – don’t exactly have world-class security.
Just recently, Israeli security firm NanoLock discovered a flaw in Buffalo routers which would allow hackers to downgrade their firmware and take control of the device.
If that doesn’t worry you too much, consider this: a compromised router can give hackers access to all the devices on your home network. They can change settings to redirect your web browser to fake websites (and then steal your login and payment information when you enter it), and also upload malware.
And they don’t need to be outside your house to do it: the flaw means they could be anywhere in the world.
The affected Buffalo routers run firmware version 2.46, which had a security hole that allowed NanoLock to downgrade it to an earlier, even more vulnerable version (2.34). The older version allowed telnet access, giving the researchers full access to the router. This is despite V2.46 containing a security patch which was supposed to fix the vulnerabilities present in the older firmware.
Routers which have a feature for accessing their admin pages via the internet have long been a weak point in security, with both Asus and D-Link falling foul of hackers in a similar way in the past.
If you happen to own a Buffalo router, the bad news is that the flaw has not yet been fixed. Buffalo is working with NanoLock to implement the latter firm’s ‘Flash-to-Cloud Protection’. This prevents any changes to firmware unless they are signed and approved by a trusted server online.
NanoLock has also warned that there are still millions of routers in use from other brands which have similar flaws.
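The downgrade from 2.46 to 2.34 described above is possible when a router accepts any genuine vendor image regardless of its age. The following is an added example, not Buffalo’s or NanoLock’s code: a sketch of an update check that requires both a valid signature and a version no older than the installed one. The function names and key are hypothetical, and HMAC-SHA256 stands in for a real vendor signature.

```python
import hashlib
import hmac

# Constructed demo key. HMAC-SHA256 stands in for a real vendor signature;
# a real device would hold only a public verification key, not a shared secret.
VENDOR_KEY = b"constructed-demo-key"


def parse_version(text):
    """Turn '2.46' into (2, 46) so versions compare numerically, not as strings."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version: {text!r}")
    return tuple(int(p) for p in parts)


def sign_image(version, payload, key=VENDOR_KEY):
    """Vendor side: authenticate the version label together with the payload."""
    msg = version.encode() + b"\x00" + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def check_update(installed, version, payload, tag, key=VENDOR_KEY):
    """Device side: return (accepted, reason) for a candidate firmware image."""
    # 1. Authenticity: the tag must cover both the version and the payload,
    #    so an old image cannot simply be relabelled with a newer number.
    if not hmac.compare_digest(sign_image(version, payload, key), tag):
        return False, "bad signature"
    # 2. Anti-rollback: a genuine but older image is still refused.
    #    Reinstalling the same version is allowed in this sketch.
    try:
        if parse_version(version) < parse_version(installed):
            return False, "downgrade refused"
    except ValueError:
        return False, "malformed version"
    return True, "ok"


if __name__ == "__main__":
    old = b"constructed image for 2.34"  # constructed sample payload
    print(check_update("2.46", "2.34", old, sign_image("2.34", old)))
```

The signature check alone would not stop this kind of attack, because the 2.34 image is genuine; it is the version comparison that refuses it.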
What can I do if I have a Buffalo router?
Our advice is to check your router’s settings – you can connect using this guide – and disable remote admin access. There’s usually no need to log into your router remotely, so it isn’t as if this will cause any problems for you: your router will continue to let devices connect to the internet as normal with this feature turned off.
You can also update its firmware to the latest version, which should be a higher number than 2.46. You’ll find a guide on Buffalo’s website which explains how.
If you can’t do either of these things, the final option is to change the old router for a new one. Here are our recommendations of the best routers.