ACT fixes Wi-Fi router security glitch in nick of time

India's third-biggest fibernet service provider Atria Convergence Technologies Limited (ACT) has fixed a serious vulnerability in Wi-Fi router security settings in the nick of time before hackers could know it.

The credit for detecting the security loophole goes to Bengaluru-based cybercrime researcher Karan Saini. 

ACT routers come with a hardcoded password, which is used to get into the service provider's management portal, but the devices lacked proper security. 

Affected devices include--two TP-Link routers-TL-WR850N & Archer C5 AC1200 series and  D-Link branded routers. All had the same hardcoded passwords and available in the public domain in the form of troubleshooting guides for users to fix common Wi-Fi router issues. Even a person without hacking skills could have easily deciphered them and take control of the Wi-Fi network.

Given the fact the ACT 's vast service coverage in India, it could have spelled doom for millions of people. Hacker could have attacked the network with Denial of Service (DoS) for accessing websites and also steal login credentials.

Though ACT has not publically acknowledged the issue, but we have come to understand that the company has fixed it.
"ACT states that they have disabled remote management — ironically, by remotely provisioning each router via the TR069 protocol — for all affected devices. Hooray!" Saini said on Twitter.

Though the company has fixed the issue, consumers are asked to be vigilant with their home Wi-Fi network security. 

Most people continue to use the username and password given during the first installation and never change. 

Get the latest news on new launches, gadget reviews, apps, cybersecurity and more on personal technology only on DH Tech.

DH Newsletter Privacy Policy Get top news in your inbox daily
Comments (+)