Home routers and firewalls are supposed to let users easily and safely connect many devices to their Internet connection. These devices were advertised as making your Internet safer. In many cases they helped, but more and more often they themselves are a real security problem. Strange but sadly true.
The Home Routers Pose Biggest Consumer Cyberthreat article says that many home routers are almost impossible to secure because there are so many vulnerabilities in them. It doesn’t take much actual hacking to take over most home routers. Typical problems are related to remote management functionality. Most ship with default admin credentials that are easy to guess and sometimes impossible to delete after they’re changed. Another problem is the long list of extraneous, often complex, services built into most home routers and the virtual impossibility of either shutting them down or securing them. Universal Plug and Play (UPnP) is also riddled with security problems.
Much recent news has been about a bug that would allow a remote user to access the administrative console of a Linksys router without logging in first, using port 8083, which is left open on many Linksys models. That remote-access management flaw allowed TheMoon worm to thrive on Linksys routers. SANS Institute’s Internet Storm Center (ISC) issued an alert Wednesday about incidents where Linksys E1000 and E1200 routers had been compromised and scanned other devices on the network for vulnerabilities. Linksys is aware of the vulnerability in some E-Series routers and is working on a fix.
Just recently a backdoor was found in D-Link routers, as reported in D-Link Router backdoor vulnerability discovered and Back door found in D-Link routers. The security vulnerability allows full access to the configuration page of the router without knowing the username and password. All it takes to get through the security checks is to change the user agent string of your web browser to a special value; the router’s Web interface is then accessible with no authentication. My D-link firewall teardown and vulnerability article has some more information. I also noticed another problem on an old DIR-100 D-Link router, as described in My firewall was a security risk that my ISP reported to me.
There is an even longer list of Linksys (and Cisco and Netgear) routers that were identified in January as having a backdoor built into the original versions of their firmware in 2005 and never taken out. There is also a list of Zyxel and Belkin security vulnerabilities at CVE Details. Pick practically any brand and you will most probably find something.
The Home Routers Pose Biggest Consumer Cyberthreat article says that it might be simpler to call all home-based wireless routers gaping holes of insecurity than to list all the flaws in those of just one vendor. Nearly every router aimed at homes or small offices is an easy target for attack. The reason is that small-office, home-office (SOHO) routers are designed to be easy for non-technical people to use, but are rich in features that depend on often complex networking protocols. There is a series of papers on hacking embedded devices, especially wireless home routers. The Routerpwn site is a compilation of exploits and key generators for modems, routers, ONTs and switches.
Why are those products so bad at security? The Internet of Things Is Wildly Insecure — And Often Unpatchable article by well-known security expert Bruce Schneier gives a view on why there are so often security problems in those cheap routers: Typically, these systems are powered by cheap specialized computer chips, and the profit margins are slim. The chip manufacturers try to do as little engineering as possible before shipping. The system manufacturers don’t do a lot of engineering, either. The problem with this process is that no one entity has any incentive, expertise, or even ability to patch the software once it’s shipped. And the software is old, even when the device is new.
Besides programming errors, there is one thing that makes me wonder: why do so many routers have hidden back doors in them? Why do the manufacturers keep putting hard-coded passwords that pass all the checks into devices that are supposed to be secure? Secrets of this kind get revealed all too often. In this case the secret was in plain text inside the code of the firmware update package.
Maybe you have to live with your existing router, so you might wonder what to do. How do you secure your home router? Start by checking whether your router model has any serious problems, and update its firmware if possible. The first configuration task is to disable the remote administration functionality if you don’t absolutely need it. Routers that are not configured for remote administration are not directly exposed to most attacks. If a router needs to be administered remotely, restricting access to the administrative interface by IP address will help reduce the risk. You will need to live with a certain level of risk no matter what you do.
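One way to verify that remote administration really is off after changing the setting, as an added example that is not part of the original article: run this small Python check against your own router's public (WAN) address from a connection outside your home network. Port 8083 is the one named above; the other ports and the script name `check_router.py` are assumptions chosen for illustration.

```python
import socket
import sys

# 8083 is the port the article names for the Linksys flaw. The other entries
# are assumed common web-admin ports, not taken from the article.
ADMIN_PORTS = {
    8083: "remote admin port named in the article",
    80: "HTTP admin (assumed)",
    443: "HTTPS admin (assumed)",
    8080: "alternate HTTP admin (assumed)",
}

def port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False

def audit(host, ports=ADMIN_PORTS, timeout=2.0):
    """Return {port: label} for each listed port that accepts connections."""
    return {p: label for p, label in ports.items()
            if port_open(host, p, timeout)}

def report(host, exposed):
    """Turn audit() output into human-readable lines."""
    if not exposed:
        return [f"{host}: no listed management port reachable"]
    lines = [f"{host}: {p}/tcp reachable ({label})"
             for p, label in sorted(exposed.items())]
    lines.append("Disable remote administration or restrict it by IP address.")
    return lines

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_router.py <your-router-WAN-address>")
    found = audit(sys.argv[1])
    print("\n".join(report(sys.argv[1], found)))
    sys.exit(1 if found else 0)
```

A reachable port 80 or 443 can also be a port forward you set up yourself, so confirm what answers there before changing anything. A result from inside the LAN says nothing about WAN exposure, because most routers serve the admin page to local clients by design.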