
Router security: why your gateway to the web is at risk

By Nicole Kobie

Posted on 26 May 2014 at 12:23

Imagine a criminal following you everywhere, noting down your PIN at the ATM and standing between you and the till at a shop. That’s analogous to what happens when hackers compromise your router – and poorly secured devices are being targeted more frequently.

Five years ago, a worm dubbed Psyb0t spread across the world, infecting more than 50 different models of domestic router. Now security experts believe that such attacks are on the rise.

In the past six months, Cisco, D-Link, TP-Link and Netgear have all been forced to issue emergency patches; attacks in Poland have enabled criminals to intercept traffic between home users and their banks; and 300,000 routers have been compromised worldwide by an unknown intruder, according to security firm Team Cymru.

Underlining the threat, Tripwire research has revealed that 80% of small-office/home-office (SoHo) routers have exploitable flaws – yet only half of IT professionals have updated their firmware. The situation is only set to become worse. F-Secure security advisor Sean Sullivan warns: “Once the idea is out there, it will take root and grow.” So what can we do to protect ourselves?

Powerful threat

Router attacks are serious because they allow hackers to monitor and interfere with communications between you and your online destination, be that PayPal, a bank or your work email.

“It’s powerful because you’re sitting at the gateway,” explained a Team Cymru researcher, who asked not to be named for security reasons. “You could easily install malware; start filtering the traffic for logins, then redirecting people and stealing banking credentials.”

There’s almost nothing holding back attackers from doing as they please. “Once you’ve gained access to the system, there’s such a complete lack of security measures that you can replace the entire OS that runs on the routers,” noted Tripwire researcher Craig Young.

Routers are a valuable target because they typically give attackers access to all the devices in a household.

“If you change the DNS settings in a laptop, you’ve only got that one laptop,” said Dr Johannes Ullrich of the SANS Technology Institute. “If you change them on the router, you have every single system behind that router, and that makes it more attractive – particularly as people use more mobile devices and tablets.”

Working from home?

Weak router security is a threat to businesses, too. When an employee works from home, many businesses – be they SMBs or large enterprises – wisely provide VPN access and a work-only laptop. If the router is compromised, however, such security measures are wasted.

“A VPN client can be intercepted,” warned Tripwire’s Young. “It can expose the credentials that they’re using to log on to their work email.

“If you have an employee working from home using a laptop that you’ve provided, you should also consider giving them the wireless access point that you would use in your business environment, since such devices will have been vetted for security.”

What’s causing it?

The researchers PC Pro spoke to were in agreement as to why router attacks are increasing. Traditional attacks that target laptops and other clients are becoming harder, “forcing the bad guys to explore new avenues”, in the words of Steve Santorelli, director of global outreach at Team Cymru.

Routers, conversely, typically have weak security. People don’t change their default passwords, they don’t lock down their settings and they don’t install updates.

User comments

Not sure about that?

“If you have an employee working from home using a laptop that you’ve provided, you should also consider giving them the wireless access point that you would use in your business environment, since such devices will have been vetted for security”


No idea why/how that would help, unless he meant to say Router rather than access point?

Not only that, but even if the router was compromised surely you would still need to break the SSL encryption in order to gain bank details etc as is said in the article?

By JStairmand on 27 May 2014

Router Reviews

I'd be very interested to read about how secure a router is when it's reviewed and how proactive the manufacturer is regarding updates. Perhaps you could include this information in future router reviews, please.

By Pantagoon on 27 May 2014

@J Stairmand

Yes, you'd have to subvert the SSL connection in order to intercept confidential data.

But, given how much attention most people pay to whether the page is using SSL and that SSL 3.0 and TLS 1.0 are vulnerable to at least one attack (http://www.kb.cert.org/vuls/id/864643), I think the risk is not insignificant.

By TBennett on 27 May 2014

eBay?

“A VPN client can be intercepted,” warned Tripwire’s Young. “It can expose the credentials that they’re using to log on to their work email.

Possibly how they got access to those eBay employees' accounts, whence the eBay attack? Just guessing.

By martindaler on 27 May 2014

@JStairmand

If the compromised router redirects their initial URL to a look-alike site, then the bad guys will intercept the whole login. They can then pass the user through to the genuine site, so the user is unaware, meanwhile they have got all the credentials they need to login themselves. SSL will never even figure in the equation since the user will be unknowingly redirected at the first instance. Is that how it works?

By martindaler on 27 May 2014

@Pantagoon

Just skimmed through PCPro's latest Linksys WRT1900AC review. No mention of the word security. Given that this very article highlights "Router Shopping" as one of the means to a secure router, and reading a review on a decent tech site is one of the first steps... Poor show.

Generally all router reviews are one-dimensional: how fast. Add a few comments on the cosmetics, and wrap up. No wonder we still put up with routers with only four ports and zero innovation beyond speed increments.

By martindaler on 27 May 2014

@martindaler

Fair enough, of course it requires a hosted spoof site of every major bank but it's certainly a viable threat.

By JStairmand on 27 May 2014

@JStairmand

> of course it requires a hosted spoof site of every major bank

Couldn't it be done with a proxy server that displays the bank's own login page and records the user interaction?

By TBennett on 27 May 2014

@martindaler

Good points.

Come on PCPro, take the lead. Quite a few of your readers recommend hardware to other people and we need good sources of information. We need you to live up to the 'Pro' bit in your title.

By Pantagoon on 27 May 2014

Quite a large proportion of UK households will be using Sky/Virgin/BT supplied routers. I can't speak for the others, but Virgin's Superhub has no facility to update your own firmware - what are the chances of ISPs releasing updates on a timely basis?

By halsteadk on 27 May 2014

Static IPs make sense

For small sites, static IPs are the wise choice, with DNS either on a trusted internal host, or direct to the ISP.

By Anteaus on 29 May 2014

Sky

Any word on the Sky Router...like Heartbleed we keep being warned about this but no one wants to give out the facts...

By Gindylow on 29 May 2014

PCPro-Computing in the Real World Printed from www.pcpro.co.uk
