With the ever booming rise of smart homes that help you stay connected, wireless routers are becoming your most important requirement. For any internet-savvy house, Wi-Fi network is the primary means of connection. Once connected, you rarely ever think about the router, it becomes a part of your furniture.
And yet, we are impervious to the threats we face from these routers, like the ones we have been seeing in the media recently. So, does this mean that we are not paying enough attention to the devices we use to access the online world? The simple answer is that- yes, we should.
How Does This Affect Me?
According to recent research by Norton, there have been over 45 million threats in the US alone, since August 2017. Similar statistics were revealed by Symantec which stated that there was a rise of 600% in the attacks on the Internet of Things since the same time. And of the devices which were attacked, home wireless routers stood on top with 33.6% attacks.
The hard-hitting fact is that even though routers attacks have been increasing ever since most people do not bother to update their router’s firmware, and some of them have never even logged into its administration page. On the other hand, media and online reports about state-sponsored and targeted router and IoT attacks have made consumers aware. And these reports are just the beginning.
Such reports work as reminders to us that once a home wireless router network is compromised, hackers can gain access to all your personal information from any of the devices connected to it. This includes names, contact numbers, dates of birth, medical information, Social Security number, financial and tax records. When attackers get their hands on your login credentials, they can access and manipulate all of your online accounts, or use your information to open new accounts or resort to illegal deeds, all in your name.
How Router Attacks Happen
Department of Homeland Security’s organization known as the US-CERT (United States Computer Readiness Team) that analyzes and responds to cyber threats has warned about possible state-sponsored attacks by exploiting network devices like routers.
This state-sponsored attack group consists of hackers whose organize attack plan includes gathering intelligence, disruption, financial gains, and/or sabotage. Such groups are supposed to get support from a form of government. The targeted attacks carried out by these groups mostly come under espionage.
For now, as the published warning indicates, the targets are the inside private-sector organizations and the government wings, ISPs and infrastructure providers for these sectors. However, the FBI now has reasons to believe that the lines have blurred and it might be not so long before even SOHO (small office home office) users’ information is vulnerable as well.
The cyber attackers could compromise the home wireless routers and perform man-in-the-middle attacks. These attacks could go well beyond espionage and could be used to extract intellectual property or gain continuous access to user networks.
Is It So Easy To Compromise Your Routers
Routers are easier to compromise than other devices because they are an easy opening. On one hand, technological improvements have seen many advancements and upgrades in various devices and apps we use to connect to the internet. On the other hand, there are many router vulnerabilities. Every household that connects through a router accepts it as a part of their internet package, trusting the strong the built-in security offered.
Reasons Behind Router Attacks
The zero-day vulnerabilities in routers might be targeted by organizations and skilled hackers and criminals to sell your information to agencies and governments for a bounty. In 2018, Dasan and Draytek routers came into the limelight for having severe security flaws. Their vulnerabilities allowed the attackers to complete the authentication bypass, which gave the hackers total control over the router settings. Moreover, Draytek users’ DNS settings were altered and hackers were able to exploit the flaws in Dasan routers before any patch was made available.
One key point to realize is that the main issue regarding router security is no more than users’ lack of awareness. As mentioned above, most users take the security and protection of their routers for granted, not on par with how they treat the security of their other devices. While you might be taking measures to keep your online banking credentials secure, or changing your passwords regularly, the same cannot be said for your router. The default password which with you log on to your router is the least; even if it cannot be cracked by brute-force attacks, there is a chance that hackers can exploit it.
And in some cases, when manufacturers take measures to fix the discovered security flaws, users mostly ignore the security updates. To illustrate this, let us consider the exploit of a flaw in MikroTik routers by hacker “Alexey” in October 2018. There was a router patch available that dated to April 2018 but due to the lax in general router security, Alexey could hack into more than 100,000 routers.
Although he said that he did it to install the security update for the users, it drew flak from them as they felt he invaded their privacy. Whatever his motive, this attack proves the above point that router security updates are often ignored.
Motives Behind Router Attacks
Direct Attacks- Individual routers can be compromised routers and used for a bevy of nefarious purposes like crypto jacking and DDOS attacks.
Cryptojacking- Bitcoin and other cryptocurrencies can be mined with your computer, which is when criminals can use botnets to harness the power from your device.
DDoS Attacks- Hackers can easily use botnets to hijack your device with DDoS attacks.
Data Theft- Hijacking your Wi-Fi through your internet signal can be done by even your neighbors trying to mooch your bandwidth.
- Security begins with you. When you get a new router and set it up, do not forget to change the default password that comes with it. Always use two-factor authentication if possible.
- Set up a VPN connection on your router. This will allow you to encrypt all of your Internet traffic.
- Just a simple password on your router cannot keep you secure. Most passwords can be easily cracked with a basic search on the internet.
- Instead of using an open hotspot, use WPA2 encryption on your home Wi-Fi network. Create a guest Wi-Fi network to access the web on new devices or for guests.
- Always sign out your accounts when you are done and if you use an IoT device, do not store sensitive credit card or password information. For online purchases, set up a purchase password or turn off purchasing.
- Restrict outside world’s access to your router signal by placing it away from the windows and as much deep within the home as possible. From time to time, switch off your router for a few seconds before switching it back on.
- Securely configure your router settings and pay attention to security and firmware updates as and when the manufacturer makes them available.
Going back to the furniture analogy we started this article with, your router is not something which you place it in your home and forget about. Good router security can be possible and you can stay safe if you bother to pay attention.