In-House Router Attacks
Attacks on home networking hardware have been rare, but are garnering more attention. Back in 2006, a couple of Indiana University researchers talked about how home routers could be attacked and used to steal personal information. Since then, the attack they described has shown up in the wild.
A simple attack might consist of nothing more than changing the DNS server used by the router -- which in itself can be used to leverage a whole slew of other attacks. A more complex attack could involve modifying the programming in the router to forward encrypted traffic, log passwords or make changes to the machines attached to the router by exploiting known security issues there.
Home routers are designed to be plugged in and used with minimal interaction. That makes any bugs in their design less obvious to casual users -- and all the more enticing to crackers, who pound on such devices constantly to find ways in.
The most malicious home router attacks require some degree of user participation to be pulled off -- for example, the British Telecom Home Hub exploit. Here, a piece of home-router hardware provided by BT was shown to have enough weaknesses that an attacker could do everything from remotely control the router to steal wireless encryption keys.
The word "participation" in this context simply means all a user has to do is be tricked into clicking on the wrong link. Other attacks may be much simpler -- e.g., guessing the router's password or forcing a denial-of-service attack that knocks the user offline.
Other network devices can also be vulnerable. Joshua Wright, senior security analyst with InGuardians, recently wrote about the Verizon MiFi, a battery-powered 802.11b/g access point that lets you share an EV-DO connection across Wi-Fi-enabled devices. He was able to crack the device's security with the same gamut of tools used for conventional Wi-Fi cracking, provided the device's default password hadn't been changed. (Another reason to do exactly that.)
When you set up a new router, do four things:
1. Reset it to its factory state, even if you think it's fresh out of the box.
2. Update it with the latest firmware available for the device.
3. Reset the default password (and use a secure password that doesn't just consist of a single word that can be found in the dictionary or easily guessed).
4. Turn off all features that allow the device to be administered from anything other than another device plugged directly into the router.
The above advice goes double if you pick up a used router from someone else -- those should be flushed and reconfigured from scratch. Also, any wireless router that doesn't support WPA or WPA2 should be taken out of service if at all possible, or used for wired connections only. WEP passwords can be cracked in minutes; full tutorials for how to do this are readily available. WPA should also be toughened by setting the key interval to a relatively short period of time (20 minutes or less).
Finally, bear in mind that your router's firmware should be checked for updates the same as any other piece of software. And because this typically isn't something that can be automated, end users have to make the time to do it themselves. It's a good idea to set a reminder in your calendar to check for updates every three or four months.
In the end, computer security is an arms race. No matter what operating system, browser, or applications you run, you're always going to find some new danger nipping at your heels. The best weapon in such an arms race is a little knowledge, which can go a long way.
Serdar Yegulalp has been writing about computers and information technology for over 15 years for a variety of publications, including InformationWeek and Windows Magazine.
This story, "7 Common Targets of Stealth Threats" was originally published by Computerworld.