You may be confident that the router you’re developing and selling is a fairly benign device that merely enables an internet connection. Unfortunately, hackers don’t see it that way. Hackers are targeting routers with increasing frequency, with one industry report indicating that in the first half of 2020, over 10.6 billion suspicious connection attempts were made on routers’ unavailable TCP ports. To them, your router represents easy pickings and a ripe opportunity for all the damage they can cause, because it is the cyber “front door” to your customer’s network.
The Unlocked Cyber Front Door
In design and development, router security tends to take a back seat. Vendors often produce a variety of models, which makes it difficult to support and maintain all of them. The top priorities in their development tend to be ease of use and deployment, and characteristically they are always on and infrequently updated.
The minimal security of routers has been made even more stark with the advent of the IoT. The average US household has three or more smart home devices, ranging from smart TVs to speakers to home security monitors, and they are all connected to the one home network for which the router is the gateway. Within the enterprise, most routers are expected to support 250 connected devices, which aside from computers can include tablets, printers, and appliances.
Because the router’s security deficiencies are so easy to exploit, gaining access to it, and through it to every other connected device, becomes child’s play. Once on the network, attackers can steal sensitive data, including login credentials, take over devices to launch cyber attacks on others, or even jeopardize physical safety. For example, audio devices could be used to listen in on conversations, monitors could be used to spy on people, smart locks could let in burglars, medical devices could endanger life, and machinery could be used to harm operators.
Why Hackers Love an Unprotected Router
Hackers love an unprotected router because the world is their oyster in terms of what they can do with it.
As mentioned above, a router may be attacked to take advantage of all the connected devices that lie behind it. All of those connected devices can be recruited into botnets that a hacker can use to launch cyber attacks such as a DDoS (distributed denial of service), or to run spam and click-fraud campaigns. They can also be hijacked to mine cryptocurrency, which consumes power and slows down the network.
Routers are ideal targets for executing man-in-the-middle attacks. One example is where hackers change the DNS server configured on the router, so that website names resolve to a server IP address under their control, from where they can steal or view sensitive data. Left undetected, man-in-the-middle attacks will continue to exfiltrate additional network configuration data, modify device configurations, copy OS data to external servers, redirect network traffic, and create unauthorized network tunnels.
For enterprises with employees still working from home, those employees’ home routers may represent the undetected weak link in an otherwise rigorously protected network. Once on the home network, it’s only a short lateral move to gain access to corporate workstations, from which hackers can monitor emails, browse histories, and grab access details for corporate accounts.
Router vulnerabilities that keep popping up
New bugs and vulnerabilities in routers are being exposed on an almost weekly basis; it could be argued that insecure routers are the single most important threat to IoT today. Let’s take a look at some of these vulnerabilities and their far-reaching implications.
In 2019, attacks on router hardware and software vulnerabilities showed how hackers are cracking into and manipulating routers to execute arbitrary commands or remotely gain access to the device’s firmware. A zero-day bug found on TP-Link gave root access to disable the router’s Trust Anchor.
In May 2021, security researcher Mathy Vanhoef exposed a new technique for manipulating multiple vulnerabilities, embedded in every WiFi router, that can be remotely attacked in a drive-by hack. A “FragAttack” allows the attacker to bypass all of the popular built-in secure WiFi protocols, gain unauthorized connections, and gather sensitive information from the network traffic. Arguably, the most disturbing aspect of FragAttacks is that, in close proximity, a hacker can bypass the router’s firewall and create a connection between his remote server and any device inside the victim’s network for ongoing exploitation.
Later, in August 2021, another vulnerability was disclosed by Tenable which potentially impacted millions of deployed routers, manufactured by no fewer than 17 different vendors including D-Link, MicroFocus, and Cisco HyperFlex. The commonality between all the vulnerable routers, including many IoT devices, was the use of firmware from Arcadyan, whose vulnerable code base had been incorporated into the supply chain. When exploited, the vulnerability makes it possible to bypass the authentication that would otherwise be needed to change configurations, and to gain root-level shell access.
Why better passwords just ain’t gonna cut it
You can’t rely on customers to maintain the security of their routers by setting proper passwords. In fact, most home routers are missing basic protections and are still relying on the factory password settings. Testing conducted by Consumer Reports found several significant industry-wide practices that fell below security benchmarks:
- Numerous router models accepted very weak passwords. This means that they can be easily cracked open by a basic brute-force attack. One router even prevented users from changing the default login of “admin” and “password”.
- About two-thirds of routers had Universal Plug and Play (UPnP) enabled. This protocol offers useful functionality by letting devices on the network discover each other, but it also opens serious security vulnerabilities.
- 11 of the router models were not supported with software updates. These are crucial to keeping devices secure and patched against the latest threats, which take advantage of newly discovered vulnerabilities.
Onus for security falls on you
For most customers, establishing and maintaining the security of their router is beyond their bandwidth (pun intended). The onus therefore lies with the developer or provider to make sure that any router being sold on the market is adequately protected.
Here are some measures that security experts at Firedome strongly recommend.
- When first installing the router, require users to change the credentials from the factory settings and enforce strong passwords.
- Incorporate two-factor authentication into the login protections.
- Encourage users to connect to WPA2 on their routers for encrypted Wi-Fi.
- Provide regular firmware updates and enable them to occur automatically across your fleet.
- Embed an IoT security agent that requires minimal CPU but is able to detect and block attacks proactively, without any interaction required from the user.
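The Consumer Reports findings above and the recommendations that follow them both reduce to configuration checks a vendor can run at first boot, in a QA pipeline, or from a fleet-management backend. The script below is an added example written for this article, not Firedome’s agent or any router vendor’s code: it audits a constructed, vendor-neutral configuration dictionary for factory credentials, weak admin passwords, missing two-factor authentication, WAN-reachable management, UPnP, pre-WPA2 Wi-Fi, disabled automatic updates, and DNS resolvers outside an operator-chosen allowlist (the DNS-hijack symptom described in the man-in-the-middle section). The field names, the `DEFAULT_CREDENTIALS` list, the `TRUSTED_DNS` allowlist, and the password policy are all assumptions for the example; a real product would map them onto its own settings store.

```python
"""Baseline security audit of a router configuration.

Added example, not Firedome code. The configuration layout, the list of
factory credentials, the trusted-resolver allowlist and the password policy
are constructed for illustration and would be adapted to a real product.
"""
import re

# Factory logins treated as "never changed" (constructed list for the example).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"),
                       ("admin", ""), ("root", "root")}

# Resolvers the operator considers legitimate (assumed for the example). Any
# other resolver in the WAN settings is reported as a possible DNS hijack.
TRUSTED_DNS = {"1.1.1.1", "8.8.8.8", "9.9.9.9"}

MIN_PASSWORD_LENGTH = 12


def password_is_strong(pw: str) -> bool:
    """Policy for the example: at least 12 chars and 3 of 4 character classes."""
    if len(pw) < MIN_PASSWORD_LENGTH:
        return False
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for c in classes if re.search(c, pw)) >= 3


def audit_router_config(cfg: dict) -> list:
    """Return a list of 'code: explanation' findings; an empty list means clean."""
    findings = []
    admin = cfg.get("admin", {})
    creds = (admin.get("username", ""), admin.get("password", ""))
    if creds in DEFAULT_CREDENTIALS:
        findings.append("default-credentials: admin login is still at factory settings")
    elif not password_is_strong(creds[1]):
        findings.append("weak-password: admin password does not meet the strength policy")
    if not admin.get("two_factor", False):
        findings.append("no-2fa: two-factor authentication is disabled for the admin UI")
    if admin.get("remote_management", False):
        findings.append("wan-admin: management interface is reachable from the WAN")

    if cfg.get("upnp", {}).get("enabled", False):
        findings.append("upnp-enabled: LAN devices can open inbound ports without authentication")

    wifi_mode = cfg.get("wifi", {}).get("security")
    if wifi_mode not in ("WPA2-PSK", "WPA3-SAE"):
        findings.append(f"weak-wifi: Wi-Fi security is {wifi_mode!r}, expected WPA2 or WPA3")

    if not cfg.get("firmware", {}).get("auto_update", False):
        findings.append("no-auto-update: firmware updates are not applied automatically")

    # A resolver that is not on the allowlist is the classic sign of DNS hijacking.
    rogue = set(cfg.get("wan", {}).get("dns_servers", [])) - TRUSTED_DNS
    if rogue:
        findings.append("dns-hijack: untrusted DNS resolvers configured: " + ", ".join(sorted(rogue)))
    return findings


# Constructed sample: a router shipped and left at factory settings. The
# 198.51.100.53 resolver is a documentation-range address standing in for an
# attacker-controlled DNS server.
FACTORY_CONFIG = {
    "admin": {"username": "admin", "password": "password",
              "two_factor": False, "remote_management": True},
    "upnp": {"enabled": True},
    "wifi": {"security": "WEP"},
    "firmware": {"auto_update": False},
    "wan": {"dns_servers": ["198.51.100.53", "8.8.8.8"]},
}

# Constructed sample: the same router after first-boot hardening.
HARDENED_CONFIG = {
    "admin": {"username": "netadmin", "password": "Tr0ub4dor&3-Horse!",
              "two_factor": True, "remote_management": False},
    "upnp": {"enabled": False},
    "wifi": {"security": "WPA2-PSK"},
    "firmware": {"auto_update": True},
    "wan": {"dns_servers": ["1.1.1.1", "9.9.9.9"]},
}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY_CONFIG), ("hardened", HARDENED_CONFIG)):
        found = audit_router_config(cfg)
        print(f"{name}: {len(found)} finding(s)")
        for f in found:
            print("  -", f)
```

Running the script reports seven findings for the factory configuration and none for the hardened one. The same `audit_router_config` function can gate a first-boot wizard (refuse to finish setup while `default-credentials` or `weak-password` is present) or run periodically in a fleet backend, where a new `dns-hijack` finding on a previously clean device is worth an alert rather than a silent log line.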
An embedded IoT security agent, such as the one offered by Firedome, which already works with top router and edge gateway providers, protects not only the router but the entire network that sits behind it. This optimal level of router security also enables advanced configurations, including protection for a VPN and other connected IoT devices.
Awareness of router insecurity is growing, and the implications are becoming more significant, whether the environment is a government department, hospital, school, or any situation where exposure of sensitive data or devices can cause significant damage. Router providers would be smart to market their devices’ security capabilities, to establish the trust of their buyers and ensure their ongoing loyalty.