Router attacks: Five simple tips to lock criminals out


Cybercriminals always look for the weakest link when planning their attacks – often it’s human error, such as weak passwords or opening phishing mails, but failings in home routers can allow another “way in”.

Repeated router attacks throughout the past year have shown that the devices can contain “backdoors” which allow attackers access to your private data. Once known, this information will circulate rapidly among cyber gangs.

We also don’t help ourselves. A study of 653 IT and security professionals and 1,009 remote workers found that 30% of IT professionals and 46% of remote workers do not change default passwords on their routers – one of the most important steps to take to avoid falling foul of router attacks.

So far, router attacks are a new and evolving phenomenon – but with 300,000 routers hijacked into a botnet which could “read” data from machines connected to it, it’s worth protecting yours.

We Live Security also has a separate how-to relating to using Wi-Fi safely on the move – and the dangers of “open” hotspots.

Don’t leave your username as ‘admin’

The first, and most important, step is to change your router’s default username and password. Routers ship with a web page that lets users adjust settings, protected by default passwords and usernames such as “admin”. These are widely known to hackers, and should be changed immediately.

For extra security, change the firmware

A recent survey found that around 80% of the top-selling “small office/home” routers on Amazon shipped with known “critical” vulnerabilities, making them easy prey for cybercriminals. ESET Malware Researcher Olivier Bilodeau says “For the relatively advanced consumer: install an alternative open source firmware on your router.” These are replacement versions of the official firmware – and often more secure. This is not for beginner PC users, but clear instructions can be found online as to how to install.

Bilodeau says, “The security problems with consumer router firmware are so bad that companies are now shipping routers with dd-wrt pre-installed. Buffalo is doing so – I think others will follow.”

Bilodeau says, “There are several alternatives. The most reputable ones I know are:

  • Tomato firmware: http://www.polarcloud.com/tomato
  • DD-WRT: http://www.dd-wrt.com/site/index
  • OpenWrt: https://openwrt.org/”

Make sure your encryption is up to scratch

Routers are fairly reliable devices – but if you’ve had yours for too long, it might allow cybercriminals to “crack” your Wi-Fi easily. Older routers with WEP encryption are vulnerable – check on your settings page which one you’re using. If it’s WEP, change to the more secure option, WPA. If your router does not offer WPA, buy a new router.

Don’t tell the neighbours your name

Wi-Fi networks have a network name – known as an SSID – and most ship with a default name, which instantly tells a potential attacker what model you are using (the name usually includes the brand). For a potential attacker – for instance, against a small business – this is useful information. Some models have vulnerabilities that make router attacks easy, and these are often widely known among the criminal community. A researcher found last year that popular routers by Linksys and Netgear had a vulnerability which could have allowed cybercriminals “full access” to home networks, allowing for identity theft or worse. It’s worth considering making yours a “hidden network” – disabling the broadcast of the SSID’s name. That way you’re less visible to attackers – and to connect new devices, simply type in your network’s name on the gadget.

Know who’s connecting to your network

Any PC or mobile computing device has a unique identifying number known as a MAC address. If you access your router’s settings, you can select which devices can and cannot connect to your network – meaning for instance, a neighbour couldn’t log in, or a teenage visitor could not access unsuitable sites via a smartphone.

Add the MAC addresses of all authorized devices in the home – iPhones, tablets, laptops etc. – to the router’s authorized list. No other device will then be allowed on the network. You can find the MAC addresses of mobile phones and other portable devices under their network settings, though this will vary for each device. Check with the manufacturer.
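One way to check the list against what is actually on your network, as an added example that is not part of the original article: the script compares the devices a Linux machine can see with your authorized list. The `ip neigh show` output, the authorized list and all function names are constructed for illustration, and the view is that of one host on the LAN, not the router's own client table.

```python
import re

# Constructed sample of `ip neigh show` output from a Linux host on the home LAN.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr A4:5E:60:AA:BB:CC STALE
192.168.1.42 dev wlan0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.57 dev wlan0 lladdr 3c:22:fb:10:20:30 DELAY
192.168.1.77 dev wlan0 lladdr 58:ef:68:01:02:03 STALE
192.168.1.99 dev wlan0  FAILED
"""

# Constructed authorized list, written the way different devices display MACs.
ALLOWLIST = {
    "router": "00:11:22:33:44:55",
    "laptop": "A4-5E-60-AA-BB-CC",  # hyphen-separated, as Windows shows it
    "tablet": "3c22.fb10.2030",     # dotted, as some network gear shows it
}

def normalize_mac(text):
    """Return a MAC as lower-case aa:bb:cc:dd:ee:ff, whatever separators it used."""
    digits = re.sub(r"[:\-.]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True if the 'locally administered' bit is set, as in the randomized
    private addresses many phones use per network."""
    return bool(int(mac[:2], 16) & 0x02)

def parse_neighbours(output):
    """Map MAC -> IP for entries that carry a link-layer address."""
    seen = {}
    for line in output.splitlines():
        m = re.match(r"(\S+) dev \S+ lladdr (\S+)", line)
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            seen[normalize_mac(m.group(2))] = m.group(1)
    return seen

def audit(output, allowlist):
    """List (ip, mac, note) for every visible device not on the authorized list."""
    allowed = {normalize_mac(mac) for mac in allowlist.values()}
    report = []
    for mac, ip in parse_neighbours(output).items():
        if mac not in allowed:
            note = ("randomized/private MAC" if is_locally_administered(mac)
                    else "unknown device")
            report.append((ip, mac, note))
    return report

if __name__ == "__main__":
    for ip, mac, note in audit(SAMPLE_NEIGH, ALLOWLIST):
        print(f"{ip:15} {mac}  {note}")
```

A phone that uses a randomized address will not match the hardware address printed in its settings, so add the address it actually presents on your network to the router's list.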

Author Rob Waugh, We Live Security

  • Kyle

    OK. I’d put it in this order.

    Turn off Remote Management.
    Change default password.

    SSID’s that aren’t broadcast, isn’t really true. Besides, the people with the skills to break in over WPA/WPS are gonna go through the internet side first. I mean even with luck, reaver is gonna take ya 8 hours to knock out a pin. Almost all home routers are hacked through the WAN now.

    WPA yes…TURN OFF WPS. No WPS, then they gotta brute the password.

    Last, learn how to scan your own network from the outside in. No ports open, good chance your router won’t be getting owned.

  • Jammer

    Yes, agreed Kyle. I wrote a script (test purposes) to scan some subnets of Australia’s well known ISPs; well, the amount with the standard 8080, 8001 ports and username & password set to default was astounding. Simply scrolling through the modem/router with the script crawling URLs, it’s basically an automated system to retrieve the username and password for the ISP account (a lot don’t encrypt the password, it’s pure HTML). After a huge dump to Telstra and Optus, they threatened me with legal action. It’s not my problem but theirs, as they should be explaining to people when they sign up to their contract to follow these simple steps instead of helping skiddies create botnets! I think ISPs should be held responsible, as the end user a lot of the time doesn’t know what to do.

Copyright © 2014 ESET, All Rights Reserved.