Ok, so I need to work on the title of this post, but at least it drew you in enough to read it, so it has worked to some degree! 🙂
So over the last few months we’ve heard of a number of high (and some low) profile issues and vulnerabilities regarding various routers out there in the marketplace or being provided by our ISPs as freebies for signing up to their broadband services.
Back in October “We Live Security” put up an article following research carried out by ESET on people who volunteered their router data for analysis, with some rather worrying results. This was followed in December by Computerworld.com reporting on unpatched vulnerabilities in Netgear routers, not to mention the big companies such as Cisco even announcing vulnerabilities in their products back in July! Today I even stumbled across an article regarding poor security in D-Link routers and IoT devices.
One of the important lessons learned from these is that router security is vitally important. As a basic set of security steps, you should change your router access passwords to complex passwords with long character sets, and also change the default admin access passwords used when logging into the router to change settings.
One worrying discovery that highlights this is the recently announced Switcher malware, as discussed in an article posted last week by Kaspersky. The malware and the methodology of this attack are very clever and yet extremely simple. The article does a very good job of providing a simple explanation, but in essence the malware infects a mobile device (currently Android devices are being targeted) via malicious apps and, when the device is connected to a WiFi network, calls home to its command and control (C&C) server with details of the network that it is currently on. The C&C then instructs the device to begin hacking the WiFi admin access via brute force (so trying every possible password combination). If you have default passwords (i.e. ‘admin’ or ‘password’) then this will not take long at all. Once inside, the malware changes the default DNS settings to reroute all of your outbound traffic to a malicious DNS server that then sends you to a fake, but legitimate-looking, website in an effort to capture your credentials.
All in all, routers are being targeted and currently it is down to the users themselves to secure them as best they can against these malicious attacks! So if you haven’t done so already, start changing those passwords, consider monitoring your traffic, configure your firewalls and raise the drawbridge of your network fortress to keep unwanted visitors out of your precious network! In addition to this, avoid malicious apps, install security software on your phone and other devices, and generally deploy good cyber hygiene for you, your family and your business!
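One way to notice the kind of DNS change described above is to compare the resolvers a device on your network has been handed against the ones you expect. The sketch below is an added example, not code from any of the articles mentioned; the sample file contents, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of resolv.conf-style content as a client might hold it
# after joining a network. 192.0.2.53 is a documentation address standing in
# for a resolver nobody on this network configured.
SAMPLE_RESOLV_CONF = """\
# Generated by the network manager
search home.lan
nameserver 192.0.2.53
nameserver 192.168.1.1
nameserver fe80::1%wlan0
options edns0
"""

def parse_nameservers(text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        # Drop comments, which may start with '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # strip an IPv6 zone id
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # not an IP address, nothing to compare
    return servers

def unexpected_resolvers(text, expected):
    """List configured resolvers that fall outside the expected set.

    `expected` holds single addresses or CIDR ranges you trust, such as
    the router's LAN address or your ISP's published resolvers.
    """
    allowed = [ipaddress.ip_network(e, strict=False) for e in expected]
    return [str(ip) for ip in parse_nameservers(text)
            if not any(ip in net for net in allowed)]

if __name__ == "__main__":
    # Assumed baseline: the router at 192.168.1.1 plus link-local IPv6.
    baseline = ["192.168.1.1", "fe80::/10"]
    for ip in unexpected_resolvers(SAMPLE_RESOLV_CONF, baseline):
        print("Unexpected DNS resolver configured:", ip)
```

If the router forwards DNS itself, clients only ever see the router's address, so the DNS fields in the router's admin page need the same comparison.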