Most families and small offices have wireless routers but are unaware of how insecure those routers can be. According to Austrian security testing outfit SEC Consult, encryption keys and passwords are effectively useless because they are easy to extract.
If an attacker gains control of a router, they can monitor, redirect, block or otherwise tamper with a wide range of online activities. A number of vulnerabilities were identified in the Cisco Linksys EA2700 Network Manager N600 wireless-N routers. Pen-tester and researcher Phil Purviance reported a number of findings to Cisco, but Cisco never acted on them. Purviance wrote on his blog of the EA2700, “What I have found was so terrible, awful and completely inexcusable! It only took 30 minutes to come to the conclusion that any network with an EA2700 router on it is an insecure network.” Purviance reported that a cross-site scripting bug was found in the router’s apply.cgi that works regardless of authentication and would allow a hacker to access the device, change settings or upload modified firmware.
Buffer overflow flaws are another class of vulnerability: they allow code to be written to memory outside the boundaries of a piece of software. SEC Consult found a weakness through which a hacker could either wipe out a router or compromise it to install malware and spy on its owners. SEC Consult confirmed the vulnerability in a number of NetUSB implementations, including Netgear, ReadyShare and TP-Link print share. 92 separate vendors are believed to be vulnerable. SEC Consult found a driver used during NetUSB setup on PCs that named another 21 vendors whose products could be affected, including Western Digital and IOGEAR.
The vendors responded to the shortcomings of their routers. A TP-Link spokesperson said addressing the vulnerability had been a company priority ever since SEC Consult flagged the issue. The spokesperson added that TP-Link is the only vendor that has already started releasing fixed firmware and has a schedule for continuously updating firmware. Netgear did not comment on the specifics but said that it takes customer security seriously and is actively updating the firmware to address any potential security vulnerability. A D-Link spokesperson said, “We are not aware of this security issue affecting any D-Link products but we are currently carrying out the necessary investigations to ensure all products comply with safety and quality standards.” Written by Forbes.
Despite the vulnerability of the routers, customers can protect themselves. Security firm ISE and digital rights group the Electronic Frontier Foundation have been so shocked by the lack of security on routers that they set up the SOHOpelessly Broken campaign to try to compel manufacturers to embed protections in their kit. In regard to the NetUSB flaw, users should be aware that the feature was enabled on all devices SEC Consult checked and that the service was still running even when no USB devices were attached, which implies that it is likely turned on all the time unless a user switches it off. Users are therefore advised to disable the service and block port 20005 with a firewall.
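To confirm that the service is really off and the port blocked on a router you own, the following check can be run from a PC on the network. It is an added example, not code from SEC Consult or any vendor; it assumes the service listens on TCP, and the default address 192.168.1.1 is only a placeholder.

```python
import errno
import socket
import sys

NETUSB_PORT = 20005  # port the article says to block; TCP is assumed here

ADVICE = {
    "open": "something is listening: disable the USB sharing service and block the port",
    "closed": "host answered but nothing is listening on the port",
    "filtered": "no answer: traffic is dropped by a firewall or the host is unreachable",
}

def port_state(host, port=NETUSB_PORT, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        rc = sock.connect_ex((host, port))
    except OSError:  # name resolution failure and similar errors
        return "filtered"
    finally:
        sock.close()
    if rc == 0:
        return "open"      # handshake completed: a service accepted the connection
    if rc == errno.ECONNREFUSED:
        return "closed"    # connection refused: host reachable, no listener
    return "filtered"      # timeout or another network error

def audit(hosts, port=NETUSB_PORT):
    """Return (host, state, advice) for each router address you own."""
    return [(h, s, ADVICE[s]) for h in hosts for s in [port_state(h, port)]]

if __name__ == "__main__":
    # 192.168.1.1 is only a placeholder default; pass your own router's address.
    for host, state, advice in audit(sys.argv[1:] or ["192.168.1.1"]):
        print(f"{host}:{NETUSB_PORT} {state} - {advice}")
```

An "open" result only shows that some service accepts connections on the port, not that it is NetUSB. Run the check again after changing the router settings or updating firmware, since an update can re-enable the feature.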
Below are some basic router tips from Craig Young of Tripwire that users should include in their security strategies.
- Don’t allow remote management over the internet.
- Don’t forget to log out after configuring the router.
- Turn on encryption and turn off WPS.
- Passwords matter. Default passwords are the same for an entire product line or are generated from a common algorithm, making the device vulnerable to attack. Users are advised to change passwords rather than use the defaults.
- Keep the router firmware up to date.
The next time your family enjoys the home Wi-Fi in comfort, take precautions to avoid attacks from hackers.