So you might think, given the explosive growth of technology, expertise, awareness, and participation in the cyber security industry (attendance at RSA Conference in San Francisco spiked from about 25,000 in 2014 to 45,000 this year), that router security would be much better now.
And you would mostly be wrong. As was the case then, your router today—your window to the online world—is most likely a broken window.
And hackers, naturally, are making the most of it. Security firm eSentire’s most recent Quarterly Threat Report found a 539% increase in attacks targeting routers since the fourth quarter of 2017.
“The majority of hostile detections on the eSentire threat detection surface pertain to perimeter threats: Information Gathering, Intrusion Attempts, and Reputation Blocks,” the report said, adding, “eSentire Threat Intelligence assesses with medium confidence that these detections originate, largely, from automated scanning and exploitation attempts.”
None of those issuing the earlier warnings would be surprised. Gettys said in a more recent interview that little has changed in the commercial router market, although he did say one brand, EvenRoute, is taking security seriously. “Not only do they ship—and update automatically—a firmware that is up-to-date based on OpenWrt, but therefore also has all our bufferbloat work, including the recent Wi-Fi work that makes a tremendous improvement in latency when loaded,” he said. “Would that I could recommend other hardware/firmware.”
Indeed, the Telegraph reported in May that more than 400,000 U.K. customers of Hyperoptic, the country’s largest gigabit broadband provider, were vulnerable to hackers because of a flaw in routers made by China-based ZTE.
Hyperoptic told the newspaper that the flaw had been fixed and “all routers are secured.”
But that was five months after the company had been alerted to the flaw. And Christopher Littlejohns, manager, sales engineer, at Synopsys Software Integrity Group, said what had not been reported was that “the vulnerability detected is one of the most common and easily exploited issues in many internet devices: hard-coded credentials for privileged accounts.”
“In this case, it allowed root access—hence the ability to take over the device and use it for many nefarious purposes.”
Which sounds an awful lot like what Geer, Gettys, Schneier, and others were saying four years ago.
Today, given the number of smart devices in modern homes, a vulnerable router can allow attackers to spy on the residents, steal their financial information and identity, and perhaps even enter their houses without having to break in, since they can remotely unlock the door. Or attackers can simply conscript routers into a botnet to be used for anything from cryptocurrency mining to launching DDoS attacks on others.