Cybercriminals always look for the weakest link when planning their attacks – often it’s human error, such as weak passwords or opening phishing mails, but failings in home routers can allow another “way in”.
Repeated router attacks throughout the past year have shown that the devices can contain “backdoors” which allow attackers access to your private data. Once known, this information will circulate rapidly among cyber gangs.
We also don’t help ourselves. A study of 653 IT and security professionals and 1,009 remote workers found that 30% of IT professionals and 46% of remote workers do not change default passwords on their routers – one of the most important steps to take to avoid falling foul of router attacks.
So far, router attacks are a new and evolving phenomenon – but with 300,000 routers hijacked into a botnet which could “read” data from machines connected to it, it’s worth protecting yours.
We Live Security also has a separate how-to relating to using Wi-Fi safely on the move – and the dangers of “open” hotspots.
The first, and most important, step is to change your router’s default username and password. Routers ship with a web page allowing users to adjust settings, with default passwords and usernames such as “admin”. These are widely known to hackers, and should be changed immediately.
A recent survey found that around 80% of the top-selling “small office/home” routers on Amazon shipped with known “critical” vulnerabilities, making them easy prey for cybercriminals. ESET Malware Researcher Olivier Bilodeau says, “For the relatively advanced consumer: install an alternative open source firmware on your router.” These replace the official firmware and are often more secure. This is not for beginner PC users, but clear installation instructions can be found online.
Bilodeau says, “The security problems with consumer router firmware are so bad that companies are now shipping routers with dd-wrt pre-installed. Buffalo is doing so – I think others will follow.”
Bilodeau says, “There are several alternatives. The most reputable ones I know are:
Tomato firmware: http://www.polarcloud.com/tomato
Routers are fairly reliable devices – but if you’ve had yours for too long, it might allow cybercriminals to “crack” your Wi-Fi easily. Older routers with WEP encryption are vulnerable – check on your settings page which type of encryption you’re using. If it’s WEP, change to the more secure option, WPA. If your router does not offer WPA, buy a new one.
Wi-Fi networks have a network name – known as an SSID – and most ship with a default name, which instantly tells a potential attacker what model you are using (the name usually includes the brand). For a potential attacker – for instance, against a small business – this is useful information. Some models have vulnerabilities that make router attacks easy, and these are often widely known among the criminal community. A researcher found last year that popular routers by Linksys and Netgear had a vulnerability which could have allowed cybercriminals “full access” to home networks, allowing for identity theft or worse. It’s worth considering making yours a “hidden network” – disabling the broadcast of the SSID’s name. That way you’re less visible to attackers – and to connect new devices, simply type in your network’s name on the gadget.
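To check how your own network looks from the outside, the sketch below reads a Wi-Fi scan and flags WEP, no encryption, or a brand-revealing name on the networks you list as yours. It is an added example, not part of the original article; the input layout is assumed to match `nmcli -t -f SSID,SECURITY device wifi list`, and the brand list and sample scan are constructed.

```python
# Added example: audits only the networks you name as your own.
# Input lines are "SSID:SECURITY", the layout assumed from
# `nmcli -t -f SSID,SECURITY device wifi list` (":" and "\" escaped with "\").

# Brands the article names; treating them as default-SSID markers is an assumption.
DEFAULT_BRANDS = ("linksys", "netgear", "buffalo")


def split_terse(line):
    """Split on unescaped ':' and drop the escaping backslashes."""
    fields, current, escaped = [], [], False
    for ch in line:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ":":
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
    fields.append("".join(current))
    return fields


def audit(scan_text, my_ssids):
    """Return {ssid: [issues]} for each of my_ssids seen in the scan."""
    findings = {}
    for line in scan_text.splitlines():
        fields = split_terse(line)
        if len(fields) != 2 or fields[0] not in my_ssids:
            continue
        ssid, security = fields
        modes = security.upper().split()
        issues = []
        if not modes or modes == ["--"]:
            issues.append("open: no encryption at all")
        elif "WEP" in modes:
            issues.append("WEP: switch to WPA or replace the router")
        if any(brand in ssid.lower() for brand in DEFAULT_BRANDS):
            issues.append("SSID reveals the router brand")
        findings[ssid] = issues
    return findings


# Constructed sample scan, not captured from a real network.
SAMPLE_SCAN = "\n".join([
    "NETGEAR37:WEP", r"Back\:Office:WPA2", "linksys:", "Neighbour:WPA1 WPA2",
])

if __name__ == "__main__":
    mine = {"NETGEAR37", "Back:Office", "linksys"}
    for ssid, issues in audit(SAMPLE_SCAN, mine).items():
        print(ssid, "->", issues or ["ok"])
```

An empty issue list means the network passed both checks; networks not named in `my_ssids` are ignored.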
Any PC or mobile computing device has a unique identifying number known as a MAC address. If you access your router’s settings, you can select which devices can and cannot connect to your network – meaning for instance, a neighbour couldn’t log in, or a teenage visitor could not access unsuitable sites via a smartphone.
Add the MAC addresses of all authorized devices in the home – iPhones, tablets, laptops etc. – to the router’s authorized list. No other device will then be allowed on the network. You can find the MAC addresses of mobile phones and other portable devices under their network settings, though this will vary for each device. Check with the manufacturer.
Author Rob Waugh, We Live Security