If we want to access our router via the browser, we do so with a static IP, either 192.168.1.1 or 192.168.0.1, depending on the manufacturer. However, there is a problem with using the Chrome browser, which has password management functionality that could leave a door open for hackers.
And it’s been known lately that the Chrome browser has a bug that allows anyone to access your WiFi data and hack into your home network.
According to a report by researchers at cybersecurity consultancy SureCloud, millions of Wi-Fi home networks could easily be hacked, even if the network is protected by a secure password because of a Google Chrome vulnerability.
As reported on the website, a vulnerability has been discovered by SureCloud in browsers that handle the functionality of stored passwords.
This is where the error hides as these stored passwords are not encrypted as they are used to interact with Wi-Fi over unencrypted local connections. Since Chrome allows self-storage, it allows attackers the freedom to steal the router’s credentials.
Because most home routers do not use encrypted communications to access the management panel, its researchers were able to exploit this new automatic login, which steals the router’s credentials and captures the Wi-Fi Network Password (PSK).
Google warns that Android could stop being free for smartphone manufacturers.
In the video published by SureCloud, you can see when the attack took place and the WiFi connection is disconnected to take the new connection set up by the attacker.
However, this does not only affect Chrome users, as the researchers found that all browsers based on the Chromium project such as Google Chrome, Opera, Slimjet, Torch, and others are vulnerable to this attack.
Like any router that has an HTTP administration portal without standard encryption (or enabled), it would be affected by this problem.
“There’s always a link between security and usability, but our research clearly shows that the role of web browsers in storing login credentials puts millions of home and corporate networks at risk, even though these networks are allegedly protected with a secure password,” said Luke Potter, director of cybersecurity practices at SureCloud. “We believe that this design issue should be corrected in the affected web browsers to avoid having to exploit this vulnerability. In the meantime, users should take active measures to protect their networks from the risk of absorption.
However, one of the researchers, after reporting the bug to Google Chromium in March this year, said the company replied the same day, saying that the browser feature “is working as planned” and not planned to update it.