Old Routers Are Targets For Hackers

Internet security experts are warning that old routers are targets for cyber-criminals who find them an easy hacking option.

How Big Is The Threat?

Trend Micros have reported that back in 2016 there were five families of threats for routers, but this grew to 35 families of threats in 2018. Research by the American Consumer Institute in 2018 revealed that 83 per cent of home and office routers have vulnerabilities that could be exploited by attackers.  These include the more popular brands such as Linksys, NETGEAR and D-Link.

Why Are Old Routers Vulnerable?

Older routers are open to attacks that are designed to exploit simple vulnerabilities for several reasons including:

• Routers are often forgotten about since their initial setup and consequently, 60 per cent of users have never updated their router’s firmware.
• Routers are essentially small microcomputers.  This means that anything that can infect those can also infect routers.
• Many home users leave the default passwords for the Wi-fi network, the admin account associated with it, and the router.
• Even when vulnerabilities are exposed, it can take ISPs months to be able to update the firmware for their customers’ routers.
• Today’s routers are designed to be easy and fast to work straight out of the box, and the setup doesn’t force customers to set their own passwords – security is sacrificed for convenience.
• There are online databases where cyber-criminals can instantly access a list of known vulnerabilities by entering the name of a router manufacturer. This means that many cyber-criminals know or can easily find out what the specific holes are in legacy firmware.

What If Your Router Is Compromised?

One big problem is that because users have little real knowledge about their routers anyway and pay little attention to them apart from when their connection goes down.  It is often the case, therefore, that users tend not to know that their router has been compromised as there are no clear outward signals.

Hacking a router is commonly used to carry out other criminal and malicious activity such as Distributed Denial of Service attacks (DDoS) as part of a botnet, credential stuffing, mining bitcoin and accessing other IoT devices that link to that router.

Examples

Examples of high-profile router-based attacks include:

• The Mirai attack that used unsecured routers to spread the Mirai malware that turned networked devices into remotely controlled "bots" that could be used as part of a botnet in large-scale network attacks. 
• The VPNFilter malware (thought to have been sponsored by the Russian state and carried out by the Fancy Bear hacking group) that infected an estimated half a million routers worldwide.
• The exploit in Brazil spread across D-Link routers and affecting 100,000 devices, aimed at customers of Banco de Brazil.

Also, back in 2017, Virgin Media advised its 800,000 customers to change their passwords to reduce the risk of hacking after finding that many customers were still using risky default network and router passwords.

Concerns were also expressed by some security commentators about TalkTalk’s Super Router regarding the WPS feature in the router always being switched on, even if the WPS pairing button was not used, thereby meaning that attackers within range could have potentially hacked into the router and stolen the router's Wi-Fi password.

What Does This Mean For Your Business?

If you have an old router with old firmware, you could have a weak link in your cyber-security.  If that old router links to IoT devices, these could also be at risk because of the router.

Manufacturers could help reduce the risk to business and home router users by taking steps such as disabling the internet until a user goes through a set up on the device which could include changing the password to a unique one. 

Also, vendors and ISPs could help by having an active upgrade policy for out of date, vulnerable firmware, and by making sure that patches and upgrades are sent out quickly.

ISPs could do more to educate and to provide guidance on firmware updates e.g. with email bulletins.  Some tech commentators have also suggested using a tiered system where advanced users who want more control of their set-up can have the option, but everyone else gets updates rolled out automatically.