Verizon issues patch for vulnerabilities on millions of Fios routers

If you have a Verizon Fios Quantum Gateway router, get the latest update.

Alfred Ng Senior Reporter / CNET News

Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.

See full bio

Alfred Ng

April 9, 2019 12:48 p.m. PT

2 min read

Side of a van with the word "Fios," which is Verizon's fiber-optic internet service. — Verizon Fios delivers fiber-optic internet service.
Getty Images

Verizon is sending out an update for millions of its routers after security researchers discovered vulnerabilities that could allow attackers to take over the devices.

On Tuesday, researchers from Tenable detailed three vulnerabilities with Verizon's Fios Quantum Gateway router. The security company said that it disclosed these security flaws to Verizon in December and that Verizon issued a fix on March 13.

Verizon said that a small percentage of its customers didn't get the update automatically and will still need a patch.

"We were recently made aware of three vulnerabilities related to login and password information on the Broadband Home Router Fios-G1100," a Verizon spokesman said in a statement. "As soon as we were made aware of these vulnerabilities, we took immediate action to remediate them and are issuing patches."

It was a particular type of router that didn't get the update. Verizon said that the people affected won't need to take any action. If the router's firmware is running version 02.02.00.13, they're up-to-date and safe from the vulnerabilities.

A hacked router could lead to significant abuse, since the device serves as the central point for all your online activities. Last year, Russian hackers infected more than 500,000 routers in 54 countries with malware that could cut off internet access and steal login credentials.

Watch this: Verizon 5G speed test vs. 4G

00:57

Verizon's Fios Quantum Gateway routers are used in millions of homes across the US. The vulnerabilities would allow a potential attacker to take control of smart devices connected to the router, as well as steal passwords on the network.

"Routers are the central hub of every smart home today. They keep us connected to the corners of the internet, secure our homes and, even, remotely unlock doors," Renaud Deraison, Tenable's chief technology officer, said in a statement.

The vulnerabilities stem from Access Control rules in the router's firewall settings, Chris Lyne, a security researcher at Tenable, described in his write-up.

He found that the flaw allowed for a potential attacker to get complete control of the router, though an attacker would still need credentials to the router to begin with. A potential hacker would need to be within range on a vulnerable Verizon router, and also know the network password.

The hack might be difficult to pull off at a major scale, but Verizon is looking to make sure that all its users are safe from a potential attack.

The company said it hasn't found any cases where the vulnerability was abused, and that a patch will be rolling out to people "in the next several days."