Security expert calls home routers a clear and present danger

In Black Hat Q&A, In-Q-Tel CISO says home routers are "critical infrastructure."

by Sean Gallagher Aug 6 2014 Ars Technica

LAS VEGAS - During his keynote and a press conference that followed here at the Black Hat information security conference, In-Q-Tel chief information security officer Dan Geer expressed concern about the growing threat of botnets powered by home and small office routers. The inexpensive Wi-Fi routers commonly used for home Internet access - which are rarely patched by their owners - are an easy target for hackers, Geer said, and could be used to construct a botnet that "could probably take down the Internet." Asked by Ars if he considered home routers to be the equivalent of critical infrastructure as a security priority, he answered in the affirmative.

...


***** Moderator's Note *****

I'm surprised that Mr. Geer didn't mention that most of the risk may be ameliorated simply by turning off Internet access to the router's control panel.

Bill Horne Moderator

Monty Solomon

I think most of the routers I've used have it disabled by default. And when you enable it, it doesn't use the same default username/password as is available from the LAN.

Barry Margolin

But that's not the exploit. The problem is that the consumer routers may have bugs that allow attacking from outside (e.g., via strangely-formed packets that overflow a buffer), and their software is usually not patched once the model is no longer current.

I use MikroTik routers now. They're not expensive, and they are incredibly powerful for small machines. And they keep updating the software, which runs across a wide range of current and older models. However, they're also not designed for consumer installation; they're not well documented, and all that power assumes serious expertise. Even with the decent GUIs they now have.

They're mostly installed by ISPs; someone there usually becomes expert at MikroTik's software, RouterOS, and comes up with a configuration. We also use RouterOS as a serious firewall, the kind with lots of custom rules, not the simple home kind.

Fred Goldstein

That may not be enough, experienced ample enough times, with "hidden" back doors (until the hacker discovers them) with no user control over who can access what, and/or hard coded admin username/passwords with no user control or view that they exist.

This is in addition to test-ports that are baked into ADSL routers, like the telco spec TR-067 where the ISP can remotely trigger firmware updates, testing, etc.

Doug McIntyre
