Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Your router: Gateway for hackers

Taylor Armerding | Aug. 17, 2015
It is generally accepted in IT that the weakest link in the security chain is the fallible and frequently careless human.

If there is any promising news to report, it is that there seems to be a growing awareness among developers and manufacturers that there is a problem.

"IoT (Internet of Things) devices in general are starting to focus more on easy firmware updates automated processes that don't require user intervention, and overall longevity of hardware updates," Stanislav said.

"This will, ideally, trickle down into the SOHO router market eventually. As design patterns and technical challenges are overcome, disseminating updates quickly will become easier for manufacturers."

Gettys said he is hearing behind the scenes that there may be some improvements, "in not-yet-announced products; but I leave that to the manufacturers and service providers announcements to come.

"But even with these glimmers of hope, I'm discouraged, as the economic foundation of the problem has not changed," he said, adding that changes in the law making the manufacturers of routers liable for security breaches is the only solution.

"The idea that someone can ship a product and not have any liability for even basic maintenance and upgrade of the software it contains for its expected lifetime must change," he said. Without it, "new entrants who do a better job won't see a reward, and will have higher costs"

Stanislav said he has seen some vendors, "take a more cloud-based approach, where updates are an ongoing process that require less user intervention. But that can create new problems, especially if the user is unaware of the firmware being updated.

"We saw some outrage in 2012 for this type of auto-upgraded firmware from Linksys. This is a balancing act that vendors are still figuring out how to weigh," he said.

Until major improvements occur, experts collectively recommend a number of steps consumers can take that won't solve the problem entirely, but will make them less of a target than the average user:

  • Change the default password to one that is unique, long and complex.
  • If it is impossible to upgrade your router, buy a new one that does allow it. According to Munro, "the open-source community has offered alternatives for users by creating projects such as OpenWRT and Tomato, which provide open-source firmware to replace the vendor's on common hardware platforms." But, implementing them, "requires a reasonable level of IT skill," he said.
  • Make sure that uPnP (Universal Plug and Play) is off.
  • Read the manual, and turn off or disable other features you may not need.
  • If your Internet service provider offers a combined router/modem, this could pass some of the responsibility for hardware updates onto it.
  • If you have the expertise, install OpenWRT. "But that's not something grandma and grandpa will be capable of," Gettys said.

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.