Is Your Router Secure? Probably Not!

Quote
...Wi-Fi router manufacturers are neglecting to update their firmware for known vulnerabilities, and the problem is likely more pervasive for other IoT devices. When these security lapses occur, firmware can be fairly easily exploited by hackers with nefarious intentions...

...Based on Insignary's Clarity scanning tool, our analysis shows that of the 186 sampled routers, 155 (83%) were found to have vulnerabilities to potential cyberattacks (see Figure 1) in the router firmware, with an average of 172 vulnerabilities per router, or 186 vulnerabilities per router for the identified 155 routers. In total, there was a staggering number of 32,003 known vulnerabilities found in the sample....

The results of this study suggest that the most popular Wi-Fi routers in people's homes are inadequately updated for security, leaving IoT devices open to attacks with potentially disastrous results. Simply resetting your router is not enough. Keeping firmware patched for known online threats may be an expense for manufacturers, but not doing so leaves consumers to collectively bear the burden of potentially much higher costs from cybercrime.

Each of the 32,003 vulnerabilities identified in this report put consumers, our infrastructure, and our economy at risk. If this growing threat is to be countered effectively, manufacturers must commit more resources to identify and mitigate open source vulnerabilities on their devices and consumers must remain vigilant for potential threats that could compromise their personal data. With the IoT market expanding quickly for both residential and industrial applications, the need to secure firmware cannot be overstated...

...Internet-connected devices are now nearly ubiquitous in the United States and routers are a central point for connecting these IoT devices... The security we want for our devices and software is rather simple. We want these electronic devices to be free from intrusion, and we want the data to be secure, not corruptible and certainly not distributable without the owner's authorization. Yet, our results show that these devices are highly vulnerable, and are becoming an increasingly attractive target for cyberattacks...

...Symantec's annual Internet Security Threat Report found a 600% increase in IoT attacks in 2017. Routers were the most frequently exploited type of device, making up 33.6% of IoT attacks...

...The 2017 Annual Cybercrime Report published by Cybersecurity Ventures predicts IoT devices to become the major technology crime driver in 2018, and that cybercrime damages will cost the world economy $6 trillion annually by 2021...


http://www.theamericanconsumer.org/wp-content/uploads/2018/09/FINAL-Wi-Fi-Router-Vulnerabilities.pdf


Is the federal government doing anything to protect US citizens from this type of cybercrime? Or is every individual expected to be their own cybersecurity expert?
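The report's headline numbers come from matching the open-source components bundled in each firmware image against known advisories by version. The following is an added illustrative example of that kind of matching; it is not the Insignary Clarity scanner or the report's own method, and every component name, version and advisory identifier in it is a constructed placeholder:

```python
"""Version-range matching of a firmware's open-source component inventory
against an advisory list.  Added illustrative example, not the Insignary
Clarity scanner or the report's own method.  Every component name, version
number and advisory identifier below is a constructed placeholder."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def parse_version(v: str) -> Tuple:
    """Turn '1.0.2k' into a tuple that compares the way humans expect:
    numeric runs compare as integers ('2.10' > '2.9'), alphabetic runs as
    strings ('1.0.2k' < '1.0.2l').  Each part is tagged with a kind so a
    mixed int/str comparison can never raise."""
    return tuple((0, int(p)) if p.isdigit() else (1, p)
                 for p in re.findall(r"\d+|[A-Za-z]+", v))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str          # constructed placeholder, not a real CVE
    component: str
    introduced: str           # first affected version (inclusive)
    fixed: Optional[str]      # first fixed version (exclusive); None = unfixed


def is_affected(version: str, adv: Advisory) -> bool:
    """introduced <= version < fixed (or no fix exists yet)."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    return adv.fixed is None or v < parse_version(adv.fixed)


def scan_image(inventory: Dict[str, str], advisories: List[Advisory]) -> Dict[str, List[str]]:
    """Map each bundled component to the advisories its version falls under."""
    return {
        comp: [a.advisory_id for a in advisories
               if a.component == comp and is_affected(ver, a)]
        for comp, ver in inventory.items()
    }


def scan_fleet(images: Dict[str, Dict[str, str]], advisories: List[Advisory]) -> Dict:
    return {name: scan_image(inv, advisories) for name, inv in images.items()}


def summarize(report: Dict) -> Dict:
    """The report-style numbers: total findings, how many images have at
    least one, and the average per image (over all / over affected)."""
    per_image = {name: sum(len(v) for v in comps.values()) for name, comps in report.items()}
    total = sum(per_image.values())
    affected = sum(1 for n in per_image.values() if n)
    return {
        "images": len(per_image),
        "affected": affected,
        "total": total,
        "avg_all": total / len(per_image) if per_image else 0.0,
        "avg_affected": total / affected if affected else 0.0,
    }


# Constructed advisory list and firmware inventories (placeholders, not real data).
ADVISORIES = [
    Advisory("ADV-0001", "libwidget", "1.0.0", "1.0.4"),
    Advisory("ADV-0002", "libwidget", "1.0.2", "1.0.2g"),
    Advisory("ADV-0003", "netd", "2.3", None),
    Advisory("ADV-0004", "netd", "1.0", "2.0"),
]
FIRMWARE = {
    "router-a": {"libwidget": "1.0.2f", "netd": "2.4"},
    "router-b": {"libwidget": "1.0.4", "netd": "1.9"},
    "router-c": {"libwidget": "1.0.4", "netd": "2.0"},
}

if __name__ == "__main__":
    report = scan_fleet(FIRMWARE, ADVISORIES)
    for name, comps in report.items():
        print(name, {c: ids for c, ids in comps.items() if ids})
    print(summarize(report))
```

Two caveats a practitioner should keep in mind when reading counts like "172 vulnerabilities per router": a hit means the bundled version falls inside an advisory's affected range, not that the vulnerable code path is compiled in, reachable from the network, or exploitable on that device; and the total scales with the advisory feed used, so the same image scanned against two feeds yields two different numbers.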
 
Every time I've posted a thread on this it's amazing the number of people who pass it off as insignificant. Consumer gear is made to a price point. At that price point, you aren't getting Enterprise-class security. Many devices are abandoned by their manufacturers, despite being fraught with unpatched vulnerabilities, as soon as their successors hit the scene.
 
I've always hated that home routers had maybe 5-6 years of life (or longer) from a features and performance standpoint, but the manufacturers give up on updating them to patch security holes after only about two. I shouldn't have to replace a $100-$150 piece of perfectly usable networking equipment every two years just to stay safe(er) online simply because the manufacturer can't be bothered to patch it with firmware.
 
Originally Posted by gathermewool
What is the nature of these attacks? How are Russians getting access to the router to do nefarious things?


They are gaining access through unpatched vulnerabilities which can allow remote code execution, admin access, snooping, redirection, DNS manipulation for the purposes of phishing, etc.
 
Not surprising since I know people still using WRT54G v2 and other similarly old products.
 
Originally Posted by OVERKILL
Every time I've posted a thread on this it's amazing the number of people who pass it off as insignificant. Consumer gear is made to a price point. At that price point, you aren't getting Enterprise-class security. Many devices are abandoned by their manufacturers, despite being fraught with unpatched vulnerabilities, as soon as their successors hit the scene.


What is your take on 3rd-party firmware? Those projects seem like they're more actively developed and maintained. If one's hardware supported it, would you recommend a 3rd-party firmware?

EDIT: For example - https://openwrt.org/
 
Originally Posted by OVERKILL
Originally Posted by gathermewool
What is the nature of these attacks? How are Russians getting access to the router to do nefarious things?


They are gaining access through unpatched vulnerabilities which can allow remote code execution, admin access, snooping, redirection, DNS manipulation for the purposes of phishing, etc.


Yeah, I got all of that, but HOW are they gaining access to individual routers? How are these guys able to get admin access, outside of phishing and other avenues of attack in which the target needs to actually click on, select or run malicious code first?

In other words, are these guys able to take advantage of vulnerable assets while practicing good cyber security awareness tactics?

Specifically, my router cannot be accessed wirelessly (that I know of!). I have it set, so that I have to gain access using an ethernet cord. Kind of a pain in the butt, but firmware updates don't come often enough to warrant changing this. Aside from that, I've got a complicated password that isn't stored on any of our assets. Does this mean that, so long as I don't click on shady links, succumb to phishing attempts, or visit shady sites, I'm good to go?
 
If you surf the web, *any* webpage that gets advertising, etc., from outside vendors can carry malware.

If you just *connect* a PC to the internet that is NOT up to date on security patches, and your router or antivirus product aren't up to date as well, new malware can supposedly get through, even if you don't surf.

I was in IT, writing applications for 35 years, and even *I* can't keep up on every vulnerability.

I bought a new router (Asus AU86) that has filtering software to block and log attempts to subvert the router. I get several to dozens of log hits each day, from perps trying to get in to the router.

I pay for Bitdefender, and also run Malwarebytes free and run Windows Defender scans at least once a week.

I do online banking, so I am paranoid about safety. I still can't prove that I haven't been hacked...
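A router that logs blocked inbound attempts, as described in the post above, produces a stream that is mostly background scanning noise; what is worth pulling out is who is probing management ports and who is sweeping many ports from one address. The following is an added illustrative example of that triage and is not the logging software of any particular router. The log lines are constructed, use the iptables LOG target's key=value layout (IN= SRC= DST= PROTO= DPT=) as an assumed format, and use addresses from the documentation ranges:

```python
"""Triage of a router's dropped-packet log.  Added illustrative example, not
the logging or filtering software of any particular router.  The log lines
are constructed and use the iptables LOG target's key=value layout as an
assumed format; addresses come from the RFC 5737 documentation ranges."""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Optional

KV = re.compile(r"(\w+)=(\S*)")

# Ports where a single hit is interesting on its own: remote-management surfaces.
MGMT_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https",
              7547: "tr-069 (cwmp)", 8080: "http-alt", 8443: "https-alt"}


def parse_line(line: str) -> Optional[Dict]:
    """Extract the fields we need; returns None for lines that are not
    firewall events (dnsmasq, dhcp and other chatter in the same syslog)."""
    fields = dict(KV.findall(line))
    if "SRC" not in fields or "DPT" not in fields:
        return None
    return {"iface": fields.get("IN", ""), "src": fields["SRC"],
            "dst": fields.get("DST", ""), "proto": fields.get("PROTO", ""),
            "dport": int(fields["DPT"])}


def triage(lines: List[str], wan_iface: str = "eth0", sweep_min: int = 3) -> Dict:
    """Aggregate WAN-side drops by source and flag two patterns: probes of
    management ports (any count) and sweeps across >= sweep_min distinct
    ports from one source."""
    hits_by_src: Counter = Counter()
    ports_by_src = defaultdict(set)
    hits_by_port: Counter = Counter()
    events = 0
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["iface"] != wan_iface:
            continue                      # LAN-side noise or non-firewall line
        events += 1
        hits_by_src[ev["src"]] += 1
        ports_by_src[ev["src"]].add(ev["dport"])
        hits_by_port[ev["dport"]] += 1

    findings = []
    for src, count in hits_by_src.most_common():   # noisiest sources first
        ports = ports_by_src[src]
        mgmt = sorted(p for p in ports if p in MGMT_PORTS)
        if mgmt:
            findings.append({"src": src, "kind": "management-port probe",
                             "hits": count, "ports": mgmt})
        elif len(ports) >= sweep_min:
            findings.append({"src": src, "kind": "port sweep",
                             "hits": count, "ports": sorted(ports)})
    return {"events": events, "by_port": hits_by_port, "findings": findings}


# Constructed sample, not a real capture.  eth0 is the WAN side, br-lan the LAN bridge.
SAMPLE_LOG = [
    "Sep 12 03:14:07 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.7 LEN=40 TTL=243 PROTO=TCP SPT=41234 DPT=23 SYN",
    "Sep 12 03:14:09 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.7 LEN=40 TTL=243 PROTO=TCP SPT=41235 DPT=23 SYN",
    "Sep 12 03:14:11 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.7 LEN=40 TTL=243 PROTO=TCP SPT=41236 DPT=7547 SYN",
    "Sep 12 03:20:00 router dnsmasq[812]: started, cachesize 150",
    "Sep 12 03:31:52 router kernel: DROP IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.7 LEN=40 TTL=51 PROTO=TCP SPT=55555 DPT=22 SYN",
    "Sep 12 03:40:01 router kernel: DROP IN=eth0 OUT= SRC=192.0.2.200 DST=198.51.100.7 LEN=40 TTL=112 PROTO=TCP SPT=6000 DPT=1024 SYN",
    "Sep 12 03:40:01 router kernel: DROP IN=eth0 OUT= SRC=192.0.2.200 DST=198.51.100.7 LEN=40 TTL=112 PROTO=TCP SPT=6000 DPT=1025 SYN",
    "Sep 12 03:40:02 router kernel: DROP IN=eth0 OUT= SRC=192.0.2.200 DST=198.51.100.7 LEN=40 TTL=112 PROTO=TCP SPT=6000 DPT=1026 SYN",
    "Sep 12 03:45:10 router kernel: DROP IN=br-lan OUT= SRC=192.168.1.10 DST=192.168.1.1 LEN=60 TTL=64 PROTO=UDP SPT=5353 DPT=5353",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["events"], "WAN-side drops; by port:", dict(result["by_port"]))
    for f in result["findings"]:
        print(f"{f['src']:16} {f['kind']:24} hits={f['hits']} ports={f['ports']}")
```

The point of the split is that a "DROP" line is evidence the router did its job; the line that matters is the one you never see, an inbound connection to a management port that was accepted. The list of probed ports is therefore best read alongside what the router actually has listening on its WAN address.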
 
Originally Posted by Rand
Not surprising since I know people still using WRT54G v2 and other similarly old products.


Yes, but that is like the Nokia 3110 of the router world.

Disabling admin over Wi-Fi and paying attention to the ports you keep open does wonders. MITM attacks are a possibility if you are a high-value target but other than that you are more at risk at your favorite restaurant or coffee shop or park from packet sniffing...
 
Originally Posted by gathermewool
Originally Posted by OVERKILL
Originally Posted by gathermewool
What is the nature of these attacks? How are Russians getting access to the router to do nefarious things?


They are gaining access through unpatched vulnerabilities which can allow remote code execution, admin access, snooping, redirection, DNS manipulation for the purposes of phishing, etc.


Yeah, I got all of that, but HOW are they gaining access to individual routers? How are these guys able to get admin access, outside of phishing and other avenues of attack in which the target needs to actually click on, select or run malicious code first?

In other words, are these guys able to take advantage of vulnerable assets while practicing good cyber security awareness tactics?

Specifically, my router cannot be accessed wirelessly (that I know of!). I have it set, so that I have to gain access using an ethernet cord. Kind of a pain in the butt, but firmware updates don't come often enough to warrant changing this. Aside from that, I've got a complicated password that isn't stored on any of our assets. Does this mean that, so long as I don't click on shady links, succumb to phishing attempts, or visit shady sites, I'm good to go?



I'm nowhere near an expert on this, but my understanding is that they can gain access to the router just through the internet, no need for being physically anywhere near the network. They can run some kind of scan for all WAN IP addresses trying to exploit some kind of specific vulnerability, and once they find an IP with a certain router that responds as expected to the vulnerability, they can access the entire network.

Another thing to note, I don't think this is limited to WiFi routers, the report calls them Wifi routers since that's what most consumers call them. Running through their sample list, there are standalone wired routers as well.
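The internet-wide scanning described in the post above only works against a router that answers on its WAN address, which is why the earlier advice about watching which ports you keep open matters. The following is an added illustrative example of the defender's side of that check: classifying a router's listening sockets by which side of the box can reach them. It is not code from the report or from any vendor; the socket table is constructed in the layout of `netstat -tuln` (an assumption about the format), and the interface map describes a hypothetical router with eth0 as the WAN port and br-lan as the LAN bridge:

```python
"""Which of a router's listening services are reachable from the WAN side?
Added illustrative example; not code from the report or from any vendor.
The socket table is constructed in the layout of `netstat -tuln` (an assumed
format) and the interface map is a hypothetical router."""
import re
from typing import Dict, List, Optional, Set

# Constructed: interface name -> address on a hypothetical router.
IFACES = {"eth0": "198.51.100.7", "br-lan": "192.168.1.1"}
WAN_IFACE = "eth0"
WILDCARDS = ("0.0.0.0", "::")
MGMT_PORTS = {22, 23, 80, 443, 7547, 8080, 8443}

# proto  recv-q  send-q  local(addr:port)  foreign  [state]
SOCKET_RE = re.compile(r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+(\w+))?")


def parse_socket(line: str) -> Optional[Dict]:
    m = SOCKET_RE.match(line)
    if not m:
        return None                       # header or non-socket line
    proto, addr, port, state = m.groups()
    if proto.startswith("tcp") and state != "LISTEN":
        return None                       # established / TIME_WAIT etc.
    return {"proto": proto[:3], "addr": addr, "port": int(port)}


def reachable_from(addr: str, ifaces: Dict[str, str]) -> Set[str]:
    """Interfaces whose side of the box can hit a socket bound to addr.
    Empty set for loopback-only binds."""
    if addr in WILDCARDS:
        return set(ifaces)                # wildcard bind: every interface
    return {name for name, ip in ifaces.items() if ip == addr}


def classify_listeners(lines: List[str], ifaces: Dict[str, str] = IFACES,
                       wan: str = WAN_IFACE) -> Dict[str, List]:
    buckets: Dict[str, List] = {"wan": [], "lan_only": [], "local_only": []}
    for line in lines:
        s = parse_socket(line)
        if s is None:
            continue
        ifs = reachable_from(s["addr"], ifaces)
        entry = (s["proto"], s["port"], "wildcard" if s["addr"] in WILDCARDS else s["addr"])
        if wan in ifs:
            buckets["wan"].append(entry)
        elif ifs:
            buckets["lan_only"].append(entry)
        else:
            buckets["local_only"].append(entry)
    for bucket in buckets.values():
        bucket.sort()
    # Management services that answer on the WAN side are the ones a scan finds.
    buckets["mgmt_on_wan"] = sorted(p for _, p, _ in buckets["wan"] if p in MGMT_PORTS)
    return buckets


# Constructed socket table (not from a real device).
NETSTAT = [
    "Active Internet connections (only servers)",
    "Proto Recv-Q Send-Q Local Address           Foreign Address         State",
    "tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN",
    "tcp        0      0 192.168.1.1:22          0.0.0.0:*               LISTEN",
    "tcp        0      0 127.0.0.1:8125          0.0.0.0:*               LISTEN",
    "tcp        0      0 198.51.100.7:7547       0.0.0.0:*               LISTEN",
    "tcp6       0      0 :::443                  :::*                    LISTEN",
    "udp        0      0 0.0.0.0:1900            0.0.0.0:*",
    "udp        0      0 192.168.1.1:53          0.0.0.0:*",
]

if __name__ == "__main__":
    for bucket, entries in classify_listeners(NETSTAT).items():
        print(f"{bucket:12} {entries}")
```

A wildcard bind is not automatically reachable from the internet; a firewall rule on the WAN interface may still drop it. That is exactly the point of the list, though: everything in the `wan` bucket is a service the firewall must be blocking, so it is the set to verify from an outside address rather than assume.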
 
Originally Posted by bobdoo
If you just *connect* a PC to the internet, that is NOT up to date on security patches, and your router or antivirus product aren't up to date as well, new malware can supposedly get through-even if you don't surf.



How is this possible?

I can see a hacker gaining access to any consumer asset they want, if they put their mind to it, and I can see going to a bad site and clicking a bad link, as well as someone downloading a bad file containing a Trojan or virus; I can even see someone sitting outside of a target's house, within its wifi range, and doing something nasty.

I've heard of legit sites being hacked and bad things happening that way; however, what if this and none of the above happen? How can someone have something bad happen just sitting there, connected to the internet, doing nothing?
 
And this is why I run pfSense on a computer that sits in the corner and I have my DSL modem in Bridge mode. I also have Squid Proxy running with ClamAV. I regularly get intrusion attempts because I have a static IP address. pfSense stops it all. The monitoring alone makes it worth it and the software is free to use for personal use. You can run it on a PC or on hardware they sell through Netgate.
 
Originally Posted by OVERKILL
Every time I've posted a thread on this it's amazing the number of people who pass it off as insignificant. Consumer gear is made to a price point. At that price point, you aren't getting Enterprise-class security. Many devices are abandoned by their manufacturers, despite being fraught with unpatched vulnerabilities, as soon as their successors hit the scene.


Do you have a list of ones you recommend. Thanks!
 
Originally Posted by gathermewool
Originally Posted by bobdoo
If you just *connect* a PC to the internet, that is NOT up to date on security patches, and your router or antivirus product aren't up to date as well, new malware can supposedly get through-even if you don't surf.



How is this possible?

I can see a hacker gaining access to any consumer asset they want, if they put their mind to it, and I can see going to a bad site and clicking a bad link, as well as someone downloading a bad file containing a Trojan or virus; I can even see someone sitting outside of a target's house, within its wifi range, and doing something nasty.

I've heard of legit sites being hacked and bad things happening that way; however, what if this and none of the above happen? How can someone have something bad happen just sitting there, connected to the internet, doing nothing?


I think the fact that it can be done is the exact reason this should be a much bigger issue.

A webpage is just a computer sitting on the internet at a specific IP address, just like your router at home. You don't have to click anything, or install anything, or even be at the machine. As a simple comparison, think of remote desktop: a 3rd-party machine could easily log in to your machine and do things on it. With the right vulnerability, they could get through your router, hop on your PC and do whatever they want. Maybe they install a key logger that sends back all the logins you type, or they set up a server to serve illegal files. All of this could be happening on your PC without affecting your usability and without you knowing it's happening.
 
Originally Posted by EdwardC
Originally Posted by gathermewool
Originally Posted by bobdoo
If you just *connect* a PC to the internet, that is NOT up to date on security patches, and your router or antivirus product aren't up to date as well, new malware can supposedly get through-even if you don't surf.



How is this possible?

I can see a hacker gaining access to any consumer asset they want, if they put their mind to it, and I can see going to a bad site and clicking a bad link, as well as someone downloading a bad file containing a Trojan or virus; I can even see someone sitting outside of a target's house, within its wifi range, and doing something nasty.

I've heard of legit sites being hacked and bad things happening that way; however, what if this and none of the above happen? How can someone have something bad happen just sitting there, connected to the internet, doing nothing?


I think the fact that it can be done is the exact reason this should be a much bigger issue.

A webpage is just a computer sitting on the internet at a specific IP address, just like your router at home. You don't have to click anything, or install anything, or even be at the machine. As a simple comparison, think of remote desktop: a 3rd-party machine could easily log in to your machine and do things on it. With the right vulnerability, they could get through your router, hop on your PC and do whatever they want. Maybe they install a key logger that sends back all the logins you type, or they set up a server to serve illegal files. All of this could be happening on your PC without affecting your usability and without you knowing it's happening.


Right, but that would mean that the infiltrator would have to single you out, specifically, right?

Like I said, if Joe Hacker parks his car outside of my house, within wifi range, I'm probably screwed. I have no delusions of being protected from that. The chances of THAT happening, though, I feel are infinitesimally small.
 