“Routers” are essential for “Wi-Fi” connections, as millions of new devices are installed in homes and workplaces every day. According to an analysis carried out by Kaspersky, over 500 vulnerabilities were discovered in routers in 2021, including 87 critical ones.
Threats from vulnerable “routers” affect both households and organizations, as they are not limited to email breaches and may even affect the physical security of the home. Despite this, people rarely think about the security of their devices.
According to the research, 73% of users have never thought to upgrade or secure their router, making it one of the biggest threats affecting the “Internet of Things” today. Here, Kaspersky experts explain what threats router vulnerabilities can pose and how users can protect themselves.
The “router” is the hub of an entire home network, through which all the elements of a “smart” home have access to the Internet and exchange data. By infecting the “router”, attackers gain access to the network through which data packets are transmitted. Using this, they can install malware on connected computers to steal sensitive data, private photos, or business files; possibly causing irreparable damage to the victim. Through the infected “router”, the attacker can also redirect users to “phishing” pages that are “disguised” as frequently used “webmail”, or online banking services. Any data they enter on these pages —be it their email login and password, or bank card details— will immediately fall into the hands of fraudsters.
Since 2010, the number of vulnerabilities detected in “routers” has been steadily increasing: In 2020, the number of vulnerabilities discovered increased to 603; about 3 times more than the previous year. In 2021, the number of vulnerabilities discovered remained nearly as high; 506. Of all vulnerabilities —discovered in 2021— 87 were critical. Critical vulnerabilities are the most unprotected “holes” through which an attacker can penetrate a home or corporate network. Such vulnerabilities may allow an attacker to bypass authentication, send remote commands to a router, or even disable it. In this way, operators can steal data, or files, transmitted through an “infected” network; be it personal photos, private information, or even business contracts, sent in “email”. Number of router vulnerabilities according to “nvd.nist.gov, 2010”; May 2022.
Although researchers are now raising awareness of many more vulnerabilities being found compared to the past, “routers” remain one of the most insecure devices. One of the reasons for this is that not all sellers are in a hurry to eliminate risks. Almost a third of the critical vulnerabilities discovered in 2021 remain without any response from vendors: no patch has been issued, or commentary with advice from them. Still, 26% of such vulnerabilities received only a comment from the company; which, most often, includes recommendations to contact technical support.
Along with increased attacker activity, consumers and small businesses lack the expertise, or resources, to detect, or understand, a threat before it is too late. For example, as reported, 73% of users have never considered upgrading or securing their “router”, making it one of the biggest threats affecting the “Internet of Things” today. This is especially dangerous when “routers” are used in sensitive environments; such as hospitals, or government buildings, where a data leak could have a potentially serious impact.
“Despite the speed with which technology is coming into our lives, the level of cyber security has not kept pace. Many employees have been working from home for the past two years, but the security of “routers” has not improved in that time; they are still rarely updated. Therefore, the risk of “router” vulnerabilities being exploited by cybercriminals remains a concern in 2022. What is important is to prevent a threat as early as possible, as people usually discover an attack when it is too late; after the money has already stolen”,
comments Maria Namestnikova, Head of the Russian Global Research and Analysis Group (GReAT) of Kaspersky.
“When buying a “router”, network security should be as much a priority as data transfer speed and price. Read reviews and note how quickly the manufacturer resolves reported issues. And don’t forget to update your router once the developer releases a patch to avoid losing sensitive data and money.”
To protect your “router” from cybercriminal attacks, Kaspersky recommends:
- Buying second-hand smart devices is an unsafe practice. Their firmware could have been modified by previous owners to give a remote intruder complete control of your “smart” home.
- Don’t forget to change the default password. Prefer a compound and change it regularly.
- Do not share serial numbers, “IP” addresses, or other sensitive information about your “smart” devices on social networks.
- Use “WPA2″ encryption; it is the most secure for data transfer.
- Disable remote access in “router” settings. If remote access is still required, you should disable it when not in use.
- For more security, you can choose a static “IP” address and disable “DHCP”, as well as protect “Wi-Fi” with a “MAC” filter. These actions lead to having to configure —manually— the connection of various additional devices to the “router”, so that the process becomes longer and more complicated. However, it will be much more difficult for an attacker to penetrate the local network.
- Be informed and always check the latest information about discovered router vulnerabilities. Having decided to purchase a particular application or device, be sure to stay informed about updates and vulnerability detection. Install all updates released by developers in a timely manner.
- Consider installing a dedicated security solution that can help protect your home network and all connected devices.
(Συνολικές Επισκέψεις: / Total Visits: 13)
(Σημερινές Επισκέψεις: / Today's Visits: 1)