Wi-Fi routers – the internet’s next Achilles heel

IoT heralds a quantum leap in the number of devices connected through a Wi-Fi router. In the home, for example, devices such as lights, electric plugs, cameras, alarms, kettles and refrigerators communicate with each other on the local Wi-Fi network, and with the internet through the home router/modem. If one device on the Wi-Fi network is compromised, the attack could compromise the router itself, as well as data from other devices on the network. An example is a recently discovered vulnerability in a connected kettle, which can be used to steal router passwords.

Up to now, Wi-Fi routers have been largely overlooked as targets for attack. However, due to their increasingly pivotal, critical position, this is about to change. The question becomes: how secure is the router, and how vulnerable is it to attack? Routers rarely have their firmware updated and are not generally scanned for vulnerabilities by security solutions. Once a router is compromised, however, router malware can be used for DNS poisoning and for DDoS attacks, as well as for attacks on both the data and the connected devices. A recent example is the vulnerability found on Netgear routers, which can be used to modify DNS settings and direct users to malicious sites. Last year, researchers discovered “TheMoon”, a self-replicating worm, on Linksys routers. There is little doubt that routers will attract a lot more attention from attackers in the future.

Wi-Fi jamming attacks are relatively simple and cheap to carry out. With more and more IoT devices on the Wi-Fi network, the consequences of Wi-Fi jamming attacks become more significant.

In late 2014, an interesting code infection was discovered on a large number of routers. Known as Wifatch, the infection infiltrates the router through a Telnet connection, exploiting devices whose default admin passwords have not been altered. Not many users change their default router password. The Wifatch infection is not malicious; rather, it appears to protect the device by turning off Telnet, scanning for malware, and advising the user to change the default router password. The developers behind Wifatch, who call themselves “The White Team”, have released their source code to prove that the infection is benign. What is alarming, however, is the ease with which it successfully infected a large number of devices, and the potential damage it could have caused.

Imagine a giant billboard at the entrance to your neighbourhood, showing the location of homes with poor security. Burglars would know who to target, and home owners would know whether to upgrade security. There is such a billboard on the internet. It’s called Shodan, a search engine for internet-connected devices. Shodan can provide, for example, a list of vulnerable routers with default administrator passwords. Default administrator passwords for popular routers from manufacturers such as Netgear, Linksys, Belkin, D-Link and Buffalo are listed in this beginner’s guide. In some cases, ISPs white-label routers and install their own firmware, further clouding the waters.

The Federal Communications Commission (FCC) is a US government agency for regulating broadband (and other) communication. Currently, the FCC is considering new rules to limit the ability to upgrade firmware in routers. Clearly this would lower security, as manufacturers would be unable to patch. If the regulation is adopted, routers such as those from Turris would not meet standards. A submission to the Commission by 260 security experts (including the likes of Vint Cerf, Bruce Schneier, and Linus Torvalds) argues that it is essential that router firmware upgrades are permitted and controlled by the router owner, and that router firmware source code should be publicly disclosed. I’d like to see more router control going to the user, with the ability to upgrade firmware, install security solutions, manage data flows, etc.

The ability to update routers is essential to fix problems such as common SSH keys and HTTPS certificates hard-coded in the firmware.
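An audit for the shared-key problem, as an added example that is not from the original article: it groups hosts by SSH host-key fingerprint from `ssh-keyscan`-style output collected from devices you administer, so a key baked into firmware shows up as one fingerprint on several hosts. The addresses, banner and key blobs are constructed placeholders, not real keys, and the function names are hypothetical.

```python
import base64
import binascii
import hashlib
from collections import defaultdict


def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(scan_text: str) -> dict:
    """Map (keytype, fingerprint) -> sorted hosts, for keys seen on 2+ hosts."""
    hosts_by_key = defaultdict(set)
    for line in scan_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # ssh-keyscan writes banner comments starting with '#'
        parts = line.split()
        if len(parts) < 3:
            continue  # not a "host keytype blob" record
        host, keytype, blob = parts[0], parts[1], parts[2]
        try:
            fp = fingerprint(blob)
        except (binascii.Error, ValueError):
            continue  # skip malformed key material rather than abort the audit
        hosts_by_key[(keytype, fp)].add(host)
    return {k: sorted(h) for k, h in hosts_by_key.items() if len(h) > 1}


def _fake_blob(label: str) -> str:
    # Constructed stand-in for a key blob; NOT a real SSH public key.
    return base64.b64encode(label.encode()).decode()


# Constructed sample in "host keytype base64-blob" form (documentation addresses).
SAMPLE_SCAN = "\n".join([
    "# 192.0.2.10:22 SSH-2.0-Example",
    f"192.0.2.10 ssh-rsa {_fake_blob('constructed-firmware-key')}",
    f"192.0.2.11 ssh-rsa {_fake_blob('constructed-firmware-key')}",
    f"192.0.2.12 ssh-ed25519 {_fake_blob('constructed-unique-key')}",
    "192.0.2.13 ssh-rsa not*base64",  # malformed record, ignored
])

if __name__ == "__main__":
    for (keytype, fp), hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{keytype} {fp} is shared by: {', '.join(hosts)}")
```

Any fingerprint reported here means those devices can impersonate one another, which only a firmware update or key regeneration on each device resolves.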

In addition to attention by the FCC, the German government is looking to establish a security rating system for routers. Their aim is to improve router security by increasing awareness among users.

Basic steps should be taken to protect routers:

  • Change the default administrator password to a complex one
  • Disable remote Telnet access
  • Update the firmware

SentryBay has been researching and developing tools to monitor and manage data transmitted from all devices including IoT devices on a local Wi-Fi network, allowing users more control over their privacy.
