Orange Liveboxes have a major security flaw, an investigation reveals. Thanks to this flaw, a hacker can easily recover the modem's Wi-Fi password and deploy an attack on all your devices. The affected models are located in Spain and Spain. The incumbent quickly decided to launch an investigation.
According to an investigation by Bad Packets Report security expert Troy Mursch, the password for 19 Liveboxes leaked without encryption on the web. 2 devices are still vulnerable to a large-scale computer attack, warns the report.
A serious security flaw identified in Liveboxes, Orange launches an investigation
According to Troy Mursch, the hacker behind this attack exploited a security flaw dating back to 2012 (CVE-2018-20377). Thanks to her, he managed to remotely recover password SSID and Wi-Fi of the targeted boxes. Most of the affected devices had kept the same Wi-Fi password as the original one. As always, we advise you to change this password as soon as possible.
Read also: Livebox, Box SFR – a huge flaw allows them to crack their WiFi key in seconds!
Once he has recovered the password, the attacker can potentially use it to launch an attack on all devices connected to the Wi-Fi network : connected speakers, smartphones, Smart TV or computers. “He can also obtain the telephone number linked to the modem” estimates the expert.
The man behind the attack resides in Spain, the report assures. Similarly, most of the affected modems are located in the Iberian Peninsula, close to the hacker's estimated position. Some Spanish Liveboxes are also affected.
As soon as they were discovered, the Bad Packets teams alerted Orange CERT, “the operational structure responsible for managing IT security incidents that could impact the Group's activities”. On Twitter, the operator quickly assured that an investigation had just been launched.
Thanks for the notification. We're handling your case.
— Orange-CERT-CC (@OrangeCertCC) December 23, 2018