Router security 101, WPA2 not foolproof, Security not optional when buying or using routers, Any router can be hacked, CNET warning from 2013 goes unheeded


Computer system security, especially in regard to internet access, is at the forefront of technical and business reporting.

We are constantly being told about major corporations being hacked and sensitive data being breached.

Target and Sony are some of the more prominent examples.

What is less conspicuous is the hacking of routers, used by businesses and many homeowners.

From setting up my own routers I was aware of important details when configuring them.

What I was not so aware of is the frequency of router hacking and just how vulnerable they are.

A friend of mine owns a coffee shop in NC. Recently 2 of his routers were hacked. He knew this because of performance and setup problems and ultimately by confirmation from the tech support at Linksys.

Of course, this has more far-reaching consequences, such as the potential compromise of customer debit and credit card information.

And don’t forget, when you are using someone else’s Wi-Fi internet access, you should be mindful of this fact and probably should not enter or access important information while using their router.

From what I have uncovered from research over the past several days, this problem has not been taken seriously enough by the public and router manufacturers.

A great article from CNET in 2013 explains the extent of the problem and provides a clear warning.

From CNET April 17, 2013.

“Top Wi-Fi routers easy to hack, says study
The most popular home wireless routers are easily hacked and there’s little you can do to stop it, says a new study by research firm Independent Security Evaluators.”

“The Wi-Fi router you use to broadcast a private wireless Internet signal in your home or office is not only easy to hack, says a report released today, but the best way to protect yourself is out of your hands.

The report, written by research firm Independent Security Evaluators of Baltimore, found that 13 of the most popular off-the-shelf wireless routers could be exploited by a “moderately skilled adversary with LAN or WLAN access.” It also concludes that your best bet for safer Wi-Fi depends on router vendors upping their game. All 13 routers evaluated can be taken over from the local network, with four of those requiring no active management session. Eleven of the 13 can be taken over from a Wide-Area Network (WAN) such as a wireless network, with two of those requiring no active management session.”

“Before you dismiss router hacks as exceptionally rare, it’s important to note that they’ve been a small but growing segment of computer security threats. In 2011, one firmware vulnerability affecting six hardware manufacturers combined with two malicious scripts and 40 malicious DNS servers to attack 4.5 million Brazilian DSL modems, with the goal of stealing bank and credit card information.

Craig Heffner, a vulnerability analyst at Maryland-based Tactical Network Solutions, said that he isn’t familiar with the Brazil story but isn’t surprised by it. “In a lot of countries, there’s only one or two ISPs, and you get whatever router they give you,” he said. “They often enable remote administration by default, so any vulnerability would be amplified.”

And just yesterday, ReadWrite reported on wireless router hacking, based in part on research conducted by security firm Rapid7. ISE’s study, while similar, reports “all-new findings,” said ISE’s marketing head, Ted Harrington.

Harrington further explained why router hacking could turn into a big problem. “What’s notable about this is that if you compromise the router, then you’re inside the firewall. You can pick credit card numbers out of e-mails, confidential documents, passwords, photos, just about anything,” he said.

He added that ISE plans to release additional information from the study in the coming weeks, following the routine security community best practice of giving vendors a chance to respond to vulnerabilities that have been uncovered before publishing them.

“We notified all vendors about all vulnerabilities that we found,” said ISE security analyst Jake Holcomb. “We’re in the process of receiving Common Vulnerability and Exposure (CVE) numbers” for tracking information security vulnerabilities.

Some vendors, Holcomb said, got back to ISE quickly and had beta firmware with fixes ready to test within 72 hours. “Other vendors escalated their Tier 1 support up the chain but we never heard back from them,” he said.”


I have been referring to PC Magazine in print and on the internet for 30 years. They have some pretty good reviews. However, the following article on purchasing routers is an example of downplaying the importance of security.

From PC Magazine January 31, 2014.

“First, ask yourself how high-end you want to go with a router. If you need nothing more than to create a wireless network, you can get away with a fairly cheap router—spending less than $100 should do. If you want extras such as security, parental controls, and the ability to connect USB printers and external storage drives for sharing data, you’ll want to look at higher-priced premium routers.

What Type of Security?
Most of the newer routers support the highest level of security, WPA2. If in the market for a new router, make sure it supports WPA2.”


“extras such as security”

Really??

Selecting WPA2 for security is important. However, apparently, WPA2 security and the latest firmware cannot be counted on to stop hackers.

Just this morning I was discussing this with a friend who owns a tax/accounting business.

Forget the bells and whistles that PC Magazine focused on.

When I am purchasing a router, I first want it to be reliable, i.e., keep functioning and be secure.

I spoke to another friend a few hours ago. He is in charge of network security for a NC company. In college he was taught to expect routers to be hacked.

Here are some more warnings and useful precautionary steps.

From Tom’s Guide.

“Your Router’s Security Stinks: Here’s How to Fix It”

“Earlier this year, a router worm called TheMoon used the HNAP protocol to identify vulnerable Linksys-brand routers to which it could spread itself. (Linksys quickly issued a firmware patch.)

“As soon as you get home, this is something you want to do with all your routers,” Horowitz told the tech-savvy crowd. “Go to /HNAP1/, and, hopefully, you’ll get no response back, if that’s the only good thing. Frankly, if you get any response back, I would throw the router out.”

The WPS Threat

Worst of all is Wi-Fi Protected Setup (WPS), an ease-of-use feature that lets users bypass the network password and connect devices to a Wi-Fi network simply by entering an eight-digit PIN that’s printed on the router itself. Even if the network password or network name is changed, the PIN remains valid.

“This is a huge expletive-deleted security problem,” Horowitz said. “That eight-digit number will get you into the [router] no matter what. So a plumber comes over to your house, turns the router over, takes a picture of the bottom of it and he can now get on your network forever.”

That eight-digit PIN isn’t even eight digits, Horowitz explained. It’s actually seven digits, plus a final checksum digit. The first four digits are validated as one sequence and the last three as another, resulting in only 11,000 possible codes instead of 10 million.

“If WPS is active, you can get into the router,” Horowitz said. “You just need to make 11,000 guesses” — a trivial task for most modern computers and smartphones.””
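The /HNAP1/ check Horowitz describes above, scripted for your own router. This is an added example, not code from the quoted article or the talk; the default address 192.168.1.1, the function names and the verdict labels are assumptions, and the sample reply is constructed.

```python
import http.client

# Constructed sample of the kind of XML an HNAP-enabled router returns.
SAMPLE_HNAP_REPLY = (
    b'<soap:Envelope><soap:Body>'
    b'<GetDeviceSettingsResponse xmlns="http://purenetworks.com/HNAP1/">'
    b'<ModelName>EXAMPLE-ROUTER</ModelName>'
    b'</GetDeviceSettingsResponse></soap:Body></soap:Envelope>'
)


def classify_hnap(status, body):
    """Turn the HTTP status and body of GET /HNAP1/ into a verdict."""
    if status is None:
        return "no-response"   # nothing answered: the result Horowitz hopes for
    text = body.decode("utf-8", "replace").lower()
    if status == 200 and ("hnap" in text or "getdevicesettings" in text):
        return "hnap-enabled"  # the router described itself over HNAP
    if status == 200:
        return "answered"      # some page came back; read it by hand
    return "not-served"        # web server replied, but with an error status


def probe_hnap(host="192.168.1.1", port=80, timeout=3.0):
    """Request /HNAP1/ from your own router (the address is an assumption)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/HNAP1/")
        resp = conn.getresponse()
        return classify_hnap(resp.status, resp.read(4096))
    except (OSError, http.client.HTTPException):
        return classify_hnap(None, b"")  # refused, timed out, or not HTTP
    finally:
        conn.close()


if __name__ == "__main__":
    print("router /HNAP1/ check:", probe_hnap())
```

Run it from a machine on the router's LAN; a verdict of "hnap-enabled" is the case the quote says to act on.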

“Regardless of whether a router is commercial- or consumer-grade, there are several things, varying from easy to difficult, that home-network administrators can do to make sure their routers are more secure:

Easy fixes

Change the administrative credentials from the default username and password. They’re the first things an attacker will try.

Change the network name, or SSID, from “Netgear,” “Linksys” or whatever the default is, to something unique — but don’t give it a name that identifies you.

“If you live in an apartment building in apartment 3G, don’t call your SSID ‘Apartment 3G,’” Horowitz quipped. “Call it ‘Apartment 5F.’”

Enable WPA2 wireless encryption so that only authorized users can hop on your network.

Disable Wi-Fi Protected Setup, if your router lets you.

Set up a guest Wi-Fi network and offer its use to visitors, if your router has such a feature. If possible, set the guest network to turn itself off after a set period of time.

“You can turn on your guest network, and set a timer, and three hours later, it turns itself off,” Horowitz said. “That’s a really nice security feature.”

Do not use cloud-based router management if your router’s manufacturer offers it. Instead, figure out if you can turn that feature off.

“This is a really bad idea,” Horowitz said. “If your router offers that, I would not do it, because now you’re trusting another person between you and your router.”


Moderately difficult

Install new firmware when it becomes available. Log into your router’s administrative interface routinely to check. With some brands, you may have to check the manufacturer’s website for firmware upgrades. But have a backup router on hand if something goes wrong.

Set your router to use the 5-GHz band for Wi-Fi instead of the more standard 2.4-GHz band, if possible and if all your devices are compatible.

“The 5-GHz band does not travel as far as the 2.4-GHz band,” Horowitz said. “So if there is some bad guy in your neighborhood a block or two away, he might see your 2.4-GHz network, but he might not see your 5-GHz network.”

Disable remote administrative access, and disable administrative access over Wi-Fi. Administrators should connect to routers via wired Ethernet only.

Advanced tips for more tech-savvy users

Change the settings for the administrative Web interface, if your router permits it. Ideally, the interface should enforce a secure HTTPS connection over a non-standard port, so that the URL for administrative access would be something like, to use Horowitz’s example, “https://192.168.1.1:82” instead of the more standard “http://192.168.1.1”.

Use a browser’s incognito or private mode when accessing the administrative interface so that your new URL is not saved in the browser history.

Disable PING, Telnet, SSH, UPNP and HNAP, if possible. Instead of setting relevant ports to “closed,” set them to “stealth” so that no response is given to unsolicited external communications that may come from attackers probing your network.

“Every single router has an option not to respond to PING commands,” Horowitz said. “It’s absolutely something you want to turn on — a great security feature. It helps you hide. Of course, you’re not going to hide from your ISP, but you’re going to hide from some guy in Russia or China.”

Change the router’s Domain Name System (DNS) server from the ISP’s own server to one maintained by OpenDNS (208.67.220.220, 208.67.220.222, 208.67.222.220, 208.67.222.222) or Google Public DNS (8.8.8.8, 8.8.4.4).

Use a virtual private network (VPN) router to supplement or replace your existing router and encrypt all your network traffic.

“When I say VPN router, I mean a router that can be a VPN client,” Horowitz said. “Then, you sign up with some VPN company, and everything that you send through that router goes through their network. This is a great way to hide what you’re doing from your Internet service provider.”

Finally, use Gibson Research Corp.’s Shields Up port-scanning service at https://www.grc.com/shieldsup. It will test your router for hundreds of common vulnerabilities, most of which can be mitigated by the router’s administrator.

Follow Paul Wagenseil at @snd_wagenseil. Follow Tom’s Guide at @tomsguide, on Facebook and on Google+.”
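A way to confirm from a laptop that two of the easy fixes listed above took effect (WPA2 on, WPS off), by reading what your own access point advertises. This is an added example, not part of the quoted article; it assumes a Linux machine where the output of `iw dev <iface> scan` is available, and the SSIDs, addresses and scan text are constructed.

```python
import re

# Constructed sample, laid out like `iw dev <iface> scan` output (trimmed).
SAMPLE_SCAN = """\
BSS 02:00:00:aa:bb:01(on wlan0)
\tSSID: ShopOffice
\tRSN:\t * Version: 1
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
BSS 02:00:00:aa:bb:02(on wlan0)
\tSSID: ShopGuest
\tRSN:\t * Version: 1
BSS 02:00:00:aa:bb:03(on wlan0)
\tSSID: ShopOld
\tWPS:\t * Version: 1.0
"""

def parse_scan(text):
    """Return one {"ssid": str, "tags": set} record per BSS block."""
    records = []
    for line in text.splitlines():
        if line.startswith("BSS "):
            records.append({"ssid": "", "tags": set()})
            continue
        # Only top-level section headers match; indented "* ..." detail lines do not.
        m = re.match(r"\s+(SSID|RSN|WPS):\s*(.*)", line)
        if m and records:
            if m.group(1) == "SSID":
                records[-1]["ssid"] = m.group(2).strip()
            else:
                records[-1]["tags"].add(m.group(1))
    return records

def audit_ap(text, ssid):
    """Findings for our own SSID: WPA2 (RSN) expected, WPS not expected."""
    mine = [r for r in parse_scan(text) if r["ssid"] == ssid]
    if not mine:
        return ["SSID not seen in scan"]
    findings = []
    for rec in mine:  # one record per radio or band carrying the SSID
        if "RSN" not in rec["tags"] and "WPA2 not advertised" not in findings:
            findings.append("WPA2 not advertised")
        if "WPS" in rec["tags"] and "WPS advertised" not in findings:
            findings.append("WPS advertised")
    return findings

if __name__ == "__main__":
    for name in ("ShopOffice", "ShopGuest", "ShopOld"):
        print(name, audit_ap(SAMPLE_SCAN, name))
```

An empty findings list for your SSID means the access point advertises WPA2 and no WPS; rerun the check after each firmware update.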