The way Google Chrome interacts with your router could be putting your home Wi-Fi network at risk
Anybody who has ever asked somebody for a Wi-Fi password will know just how long and crazy they can be. In the interest of securing the network, Wi-Fi passwords are often long and contain both capital and lower-case letters, numbers, and symbols.
Using strong passwords is highly recommended, but researchers at cybersecurity consultants SureCloud have found that even networks protected by the strongest passwords could be vulnerable to attack thanks to a weakness in the way Google Chrome and Opera browsers communicate with routers.
The vulnerability, called Wi-Jacking, stems from browsers based on Google’s Chromium open source project, which include Chrome and Opera. Chromium browsers save Wi-Fi router admin credentials and then re-enter them automatically to save time and effort. This credential saving, combined with the fact that most home Wi-Fi networks don’t use encrypted communications for management tasks, enabled the researchers to steal the router login credentials and then capture the Wi-Fi network password.
SureCloud listed five factors that are required before the vulnerability can be exploited. They are:
- “There MUST be an active client device on the target network.
- Client device MUST have previously connected to any other open network and allowed automatic reconnection.
- Client device SHOULD* be using a Chromium-based browser such as Chrome or Opera.
- Client device SHOULD** have the router admin interface credentials remembered by the browser.
- Target network’s router admin interface MUST be configured over unencrypted HTTP”.
Although there are five prerequisites, they are pretty common. Most of us use Chrome, most of us will have connected to an open network and hit connect automatically, and most browsers prompt us to save credentials automatically. SureCloud points out that even with two other pre-requisites necessary there are still a lot of people who are vulnerable to this type of attack.
Fortunately, SureCloud reported this vulnerability to the Chromium project and Google has already responded. According to SureCloud, the latest Chrome update has changed the security protocol, which means a successful attack would need much more specific action to be taken by the individual user.
Chrome is still vulnerable, but a successful attack would be much more like a phishing attack with a fake site or being needed to prompt users to act in the way required to steal the Wi-Fi credentials. For more information on avoiding phishing attacks check out our infographic on detecting fake emails and avoiding phishing scams:
This is much more in-line with the vulnerability as it was first detected on other browsers like Edge and Safari. Unfortunately, however, at the time of publication Opera browser is still vulnerable to this type of attack. SureCloud offered the following ways to protect yourself against this particular type of attack:
“Only login to your router using a separate browser or incognito session
Clear your browser’s saved passwords and don’t save credentials for unsecure HTTP pages
Delete saved open networks and don’t allow automatic reconnection
As it is nearby impossible to tell if this attack has already happened against your network, change your pre-shared keys and router admin credentials ASAP. Again, use a separate/private browser for the configuration and choose a strong key.”