Router security: why your gateway to the web is at risk

26 May 2014

Nicole Kobie reveals why routers are in need of automatic updates – and why you should check your settings now

Imagine a criminal following you everywhere, noting down your PIN at the ATM and standing between you and the till at a shop. That’s analogous to what happens when hackers compromise your router – and poorly secured devices are being targeted more frequently.

Five years ago, a worm dubbed Psyb0t spread across the world, infecting more than 50 different models of domestic router. Now security experts believe that such attacks are on the rise.

In the past six months, Cisco, D-Link, TP-Link and Netgear have all been forced to issue emergency patches; attacks in Poland have enabled criminals to intercept traffic between home users and their banks; 300,000 routers have been compromised worldwide by an unknown intruder, according to security firm Team Cymru.

Underlining the threat, Tripwire research has revealed that 80% of small-office/home-office (SoHo) routers have exploitable flaws – yet only half of IT professionals have updated their firmware. The situation is only set to become worse. F-Secure security advisor Sean Sullivan warns: “Once the idea is out there, it will take root and grow.” So what can we do to protect ourselves?

Powerful threat

Router attacks are serious because they allow hackers to monitor and interfere with communications between you and your online destination, be that PayPal, a bank or your work email.

“It’s powerful because you’re sitting at the gateway,” explained a Team Cymru researcher, who asked not to be named for security reasons. “You could easily install malware; start filtering the traffic for logins, then redirecting people and stealing banking credentials.”

There’s almost nothing holding back attackers from doing as they please. “Once you’ve gained access to the system, there’s such a complete lack of security measures that you can replace the entire OS that runs on the routers,” noted Tripwire researcher Craig Young.

Routers are a valuable target because they typically give attackers access to all the devices in a household.

“If you change the DNS settings in a laptop, you’ve only got that one laptop,” said Dr Johannes Ullrich of the SANS Technology Institute. “If you change them on the router, you have every single system behind that router, and that makes it more attractive – particularly as people use more mobile devices and tablets.”

Working from home?

Weak router security is a threat to businesses, too. When an employee works from home, many businesses – be they SMBs or large enterprises – wisely provide VPN access and a work-only laptop. If the router is compromised, however, such security measures are wasted.

“A VPN client can be intercepted,” warned Tripwire’s Young. “It can expose the credentials that they’re using to log on to their work email.

“If you have an employee working from home using a laptop that you’ve provided, you should also consider giving them the wireless access point that you would use in your business environment, since such devices will have been vetted for security.”

What’s causing it?

The researchers PC Pro spoke to were in agreement as to why router attacks are increasing. Traditional attacks that target laptops and other clients are becoming harder, “forcing the bad guys to explore new avenues”, in the words of Steve Santorelli, director of global outreach at Team Cymru.

Routers, conversely, typically have weak security. People don’t change their default passwords, they don’t lock down their settings and they don’t install updates.
