Cybersecurity Snapshots #8 - Is Your Home Router Secure?
Due to COVID-19, many employees are now working remotely from their homes, which means that they are using their home routers to connect to the internet. Cybercriminals know that home routers left on default credentials are not secure, but most users are unaware of this. Many do not question whether their home routers have flaws that could lead to a data breach. Cybercriminals are now trying to exploit this lack of knowledge to gain access to employees' home routers, which raises the question: are home routers secure?
Brute force login attempts against routers are increasing. In September 2019, researchers at Trend Micro recorded 23 million brute force login attempts. Since then, the number of brute force attacks against routers has gone up significantly. In March 2020, Trend Micro recorded almost 194 million brute force login attempts. Adversaries are also attempting to open telnet sessions with IoT devices like smart home appliances, printers, and internet-connected cameras to probe for user credentials. In mid-March 2020, nearly 16,000 botnets tried to open telnet sessions with IoT devices in a single week.
In 2019, researchers at NanoLock Security discovered a firmware flaw in routers made by Buffalo, a company with millions of customers who own its routers. The routers are vulnerable to a firmware attack that can downgrade devices to a less secure version, which would further compromise them. In 2019, NanoLock researchers met with Buffalo engineers to describe the attack and the firmware flaw in their routers. However, as of today, Buffalo has not released an update that fixes the flaw found by the researchers.
Recently, two security researchers discovered a vulnerability that impacts 758 different firmware versions used on 79 Netgear routers. The severe security flaw can allow hackers to take over devices remotely. Some firmware versions affected by this vulnerability were first deployed on devices released as far back as 2007. The bug resides in the web server component that is packed inside the vulnerable Netgear router firmware. The vulnerability allowed the researchers to start the router's telnet daemon as root, listening on TCP port 8888, with no password required to log in. The researchers reported the vulnerability to Netgear in early 2020, but due to the vulnerability's broad impact and the enormous amount of work needed to produce and test a patch for all devices, the router maker requested more time to fix these issues; however, this extension expired on June 15th.
In another new study, researchers from Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics (FKIE) looked at 127 router models from vendors including ASUS, AVM, D-Link, Linksys, Netgear, TP-Link, and Zyxel. The researchers discovered that nearly all tested routers were afflicted with scores of unpatched and often severe security flaws, which could put users at risk of a cyberattack. Even the routers that had been recently updated still contained many vulnerabilities. The researchers found that the average length of time since the routers had their latest security updates was 378 days. Of the 127 routers tested, 46 had not received any security update within the last year. On average, the routers were impacted by 53 critical-rated vulnerabilities.
To help prevent attacks against home routers, users should use strong passwords for their home routers and change them from time to time. They should also make sure that their routers are running the latest firmware, and only allow logins to their router from the local network. It is very important that in the future router manufacturers take a different approach to cybersecurity than what is currently in place. Companies need to focus on ways to address security vulnerabilities before they are exposed to ensure that their growing networks of routers will remain resilient if an adversary attempts to hack them.
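One way to check your own router against the advice above (no telnet listener, no management login reachable from outside the local network), as an added example that is not part of the original article. The default gateway address `192.168.1.1` and the web admin ports 80/443 are assumptions; ports 23 and 8888 come from the telnet activity described in the article.

```python
import socket
import sys

# Ports tied to the article: telnet (23) and the TCP 8888 telnet daemon from
# the Netgear finding. 80/443 are the usual web admin ports (an assumption).
MANAGEMENT_PORTS = {23: "telnet", 8888: "telnet", 80: "web admin", 443: "web admin"}


def port_is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def audit_router(host, vantage, ports=None, timeout=1.0):
    """Check management ports on your own router.

    vantage is "lan" (run from inside, against the gateway address) or
    "wan" (run from outside, against the router's public address).
    Returns a list of (port, service, severity, advice) tuples.
    """
    if vantage not in ("lan", "wan"):
        raise ValueError("vantage must be 'lan' or 'wan'")
    findings = []
    for port, service in sorted((ports or MANAGEMENT_PORTS).items()):
        if not port_is_open(host, port, timeout):
            continue
        if vantage == "wan":
            findings.append((port, service, "high",
                             "reachable from the internet; disable remote management"))
        elif service == "telnet":
            findings.append((port, service, "high",
                             "telnet is listening; disable it and update firmware"))
        else:
            findings.append((port, service, "info",
                             "LAN admin page; keep a strong, non-default password"))
    return findings


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # assumed gateway
    vantage = sys.argv[2] if len(sys.argv) > 2 else "lan"
    for port, service, severity, advice in audit_router(host, vantage):
        print(f"[{severity}] {host}:{port} ({service}): {advice}")
```

A LAN run only shows what the router exposes to devices inside the home; the remote-login check needs a second run from an outside connection against the router's public address.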