US Security researchers firm, FireEye has recently exposed an unknown attack method on routers that allow hackers to gain access to the device’s traffic, without being detected.
The attack named SYNful Knock implants an undetectable image of a router’s firmware that can be used to gain and maintain “perpetual presence” to a networking environment, reports Mandiant, a subsidiary of FireEye.
All kinds of data packets moving in and out of the router can be compromised without any knowledge of it. Currently the attack affects routers only, and in this case the targeted devices were Cisco routers.
Mandiant confirms that they found 14 instances of the attack in India, Ukraine, Philippines and Mexico. Mandiant says that the in order to combat the new threat, security experts will have to approach the vulnerability differently from earlier practices. Once fully overcome, information about previously unknown compromises could be revealed.
Cisco told in a statement to Reuters that they are working with Mandiant to develop ways for customers to detect attacks carried out by SYNful Knock.
“If you own (seize control of) the router, you own the data of all the companies and government organisations that sit behind that router. The implanted software, which duplicates normal router functions, could also potentially affect routers from other maker,” says FireEye Chief Executive Dave DeWalt while speaking to Reuters.