Attacks on home routers soar during lockdown
Research has uncovered a major wave of new attacks on home routers for use in IOT botnets, or collections of Internet-connected devices that are each infected and controlled by a common type of malware.
“The scale of this threat is increasing as brute force log-in attempts against routers is on the rise,” says Yoni Kahana, VP of business development at NanoLock Security.
He cites a report from Mordor Intelligence, which predicts that by the end of 2020, households around the world will have over 10.5 billion devices capable of connecting to their home WiFi router, which leaves a wide attack surface for bad actors to prey on.
Trends indicate that attackers are competing with each other to compromise as many routers as possible so they can be conscripted into botnets. “Moreover, as the coronavirus pandemic surges on and more and more people continue to work from home (some, perhaps, permanently), the ground for attacks only ripens.”
To fortify their connected devices to reliably block outsider, insider, and supply chain attacks (even when other measures fail), manufacturers need to take a different approach to cyber security, adds Kahana. “They need to focus on ways to address security vulnerabilities before they are exposed, to ensure that their growing networks of routers will remain resilient in the face of attempted hacks.”
In June, he says NanoLock discovered a new hack in a Buffalo Router (V 2.46), which is used in millions of homes as well as businesses. Through this vulnerability, hackers could infiltrate and take control of household devices, and with so many people working and learning from home during this period, there was never a better opportunity for cyber criminals.
“Fixing a specific vulnerability doesn't solve the root problem,” says Kahana. “There will always be more vulnerabilities affecting home routers. The industry needs to break this vicious cycle of persistent attacks with a root solution that prevents hackers from modifying the original firmware.”
He says the vulnerability in the Buffalo router can be secured by implementing NanoLock’s flash-to-cloud solution. “Hackers are blocked when they attempt to use Web admin to downgrade the Buffalo router from the secured V 2.46 to V 2.34, as an alert is also sent to the dashboard.”
In addition, even if the hacker were able to successfully downgrade to V 2.34 using the dashboard, the embedded flash protection would continue to safeguard the router from further attempts to inject malicious code, with an alert being sent to the dashboard with each attempt.
Kahana explains that this flash-to-cloud concept ensures that all persistent changes to the device’s flash (its non-volatile memory) must be signed and authorised by a trusted server or management platform that is managed by the service provider, which prevents hackers from gaining persistent access to the router.
“It’s not enough to simply identify and remedy a specific vulnerability, as this will rarely solve the core problem, and there will inevitably be other security breaches in the future,” he ends. “Rather, to fully protect routers from would-be hackers and escape the vicious cycle of ‘hack-and-patch,’ manufacturers must outfit their routers to block unauthorised persistency, and prevent persistent hijacking by enabling their customers to detect attempted attacks and recover with a simple reset.