Security researchers have long warned that home and office routers can be a malicious hacker’s entryway into a computer system. But router security has long been overlooked or ignored by consumers and manufactures alike.
Over the past year, a team of hackers invaded more than 100,000 home routers around the world, gaining access to the devices through weak and default passwords.
But they weren’t out to swipe users’ personal information or infect computers with malicious software. Quite the opposite. They set out to rid insecure routers of malware and in the process make them safer.
The vigilante techies, who recently revealed themselves as the White Team when they published their source code on GitLab, developed their Linux.Wifatch software in part to prove how easy it is to compromise small office and home routers.
Making matters worse, the router is often the last piece of hardware that is updated or replaced, as it’s often hidden away and forgotten in cabinets and closets.
Yet, these devices act as gateways between an individual or businesses’ devices and the Internet, making them crucial components in even the smallest home networks. When routers are compromised or aren’t secure, malicious hackers can infect them with malware, reengineer routers to direct user to spam sites, or take them over for use in distributed denial of service, or DDoS, attacks to overwhelm targets’ networks with Web traffic.
“There are routers that have spent years on the market and haven’t seen a single security update,” says Jan-Peter Kleinhans, program manager of the European Digital Agenda Program at the stiftung neue verantwortung (New Responsibility Foundation) in Berlin.
What’s more, says Michael Horowitz, a computing expert who launched RouterSecurity.org earlier this year, consumer-grade routers are attractive targets to criminal hackers because they are passing along any information from within a home network 24-hours a day. As a result, many criminal hackers use technology that can constantly scan nearby routers, looking for default passwords and other vulnerabilities.
The problems with routers is so widespread that nearly 75 percent of Amazon’s top 50 best-selling home and small office routers have security vulnerabilities, according to research in 2014 by software company Tripwire.
First Published in CSM.