Your home is not just bricks and mortar anymore – it is becoming a connected web of technology that needs to be protected. Every new smart ‘thing’ we bring into our homes – be it just a simple smart meter or Amazon’s Alexa – increases the number of devices connected via our internet router and, as a result, the opportunity grows for hackers to gain access to homes grows.
You only have to look at recent attacks to see how devastating the consequences of not securing internet-connected devices can be. For example, this time last year we witnessed the largest DDoS attack ever known. This was caused by the Mirai botnet – which is made up of a large number of internet-connected devices, including home routers – generating massive amounts of bogus traffic to swamp targeted servers and thus essentially bring down much of the internet.
It’s argued that some of the successful attacks against routers are due to the use of default passwords which, for most devices, are widely known. In fact, ESET researchers revealed that out of 12,000 home routers they checked, 15% used weak passwords, with “admin” often left as the username.
Securing the foundations
With this in mind, better security of your internet router is one of the simplest ways in which you can cyber-safeguard your home, and the technology you keep there. The router is essentially the foundation of the connected home, so this year during European Cyber Security Month, take time to follow these four simple steps:
- Invest in the right router: Read online reviews of routers before purchase and look for easily-used security features. WEP encryption was broken long ago, and the recent WPA2 encryption attack known as KRACK has shown that WEP’s replacement may be vulnerable too. Although few routers — most commonly found in homes — needed updating because KRACK-affected client-side WPA2 implementations, some devices did need updating and many older devices were stranded by their vendors.
- Always update the firmware: It’s easy to forget to check your router for security updates. You may not get prompted to do this as soon as updates become available so it’s well worth the effort to make sure you’re signed up to the vendor’s alert list to remind you to check for any updates. Consider such updatability issues when choosing a router, as the next WPA2 flaw may require a router update. When considering how important your router is in protecting your home, an extra $20-30 now, for a well-supported brand who will still ship updates for today’s devices a couple of years’ time is a better investment than having to bin a cheaper device and buy a new one to fix that next vulnerability.
- Disable Universal Plug and Play (UPnP) on your router: The majority of people won’t need to use router UPnP, in which case it’s good practice to disable this option in your router settings. The feature allows people to access your network without authentication so it’s best to disable it where possible.
- Turn off remote management: To avoid hackers changing the settings on your router via remote access, turn off wireless remote management. This means that physical access to the router is required in order to change many settings.
As we introduce more devices into our homes, security has to be front of mind. You are fundamentally adding more windows and doors for hackers to push to gainaccess to your home and, just as you lock your front door, you need to lock down these virtual access points too. Security is essential to anything, especially our routers, and it’s important that we ensure that the Internet of Things doesn’t instead become the Ransomware of Things instead.
If you are worried about your own situation, the guys over at bleepingcomputer.com have produced a useful list of companies that have already supplied a patch to their customers.
Author Editor, ESET