Wired and wireless routers can leave home and organization networks wide open to cyberattacks. While failure to patch flaws in time is cited as one of the major reasons, security researchers have also been raising the alarm over the lax security practices followed by manufacturers.

The bigger picture

  • A recent study by Germany’s Fraunhofer Institute for Communication found that many routers had not received any update in the past 12 months, despite having several known security flaws.
  • The study was conducted on 127 different models that contained around 53 critical vulnerabilities. The models studied include routers from ASUS, AVM, D-Link, Linksys, Netgear, TP-Link, and Zyxel.
  • Out of these 127, 46 did not receive security updates in the last year.
  • Additionally, the study revealed that vendors were providing firmware updates without fixing the security issues. Consequently, a consumer who installs the latest version of the router’s firmware would still be affected by the existing critical vulnerabilities.

What else?

  • Netgear is facing a race against time to release a patch for some 758 different firmware versions dating as far back as 2007. These firmware versions, found across 79 models, are affected by a vulnerability that can be exploited by a specially crafted HTTP request.
  • A severe Kr00k vulnerability in Wi-Fi chips manufactured by Broadcom and Cypress can allow an adversary to decrypt wireless network packets transmitted by vulnerable devices. While it affects many client devices, routers using Broadcom chips are not spared from the flaw either.

Botnets bring in a new wave of attacks

  • With the dawn of the Internet of Things, botnet developers have found a foolproof way to infect victims: turning common IoT devices, such as routers, into bots.
  • Some of the prominent botnet malware variants that are being used in the ongoing turf war are Kaiten, QBot, and Mirai.
  • Lately, a new variant of Mirai was reported to have added nine new exploits, including one for the Comtrend VR-3033.
  • This is not the first time that Mirai has been found adding exploits for routers to its arsenal. In March 2020, Mukashi, a Mirai variant, enabled its operators to break into Zyxel routers affected by a remote code execution vulnerability (CVE-2020-9054).
  • In December 2019, ECHOBOT, another variant of Mirai, was found scanning the internet with a huge set of 71 unique exploits that affect routers, firewalls, IP cameras, and server management utilities.

What do reports say?

  • According to a 2018 report from eSentire, there was a 539% increase in attacks targeting routers since 2017.
  • Trend Micro researchers revealed an increase in brute force attacks against routers from October 2019.

Final words

With a large part of the population currently reliant on home networks for work and studies, experts indicate that cybercriminals can target insecure home routers to ramp up their attacks. This can result in hijacking the victims’ bandwidth, slowing down their networks, or even taking down an organization’s website.

To avoid such attacks, users should ensure the router is running the latest firmware. Moreover, it is important to use a strong password and change it from time to time.

Cyware Publisher