Protecting Home Networks: Start by Securing the Router

View Securing Home Routers: Understanding Attacks and Defense Strategies

Home router manufacturers are adding more features—telephony services, wireless access points, VPN, User Access Control (UAC) to name a few—to their routers so they can contend with the proliferation of multi-functional Internet of Things (IoT) devices. Similar to small servers, multiple types of information from different devices pass through home routers. With this increasing complexity, more security risks are introduced within different levels, from the router’s operating system (OS) and management to its hardware and web applications.

The mounting risks are only compounded by the fact that routers have had a security problem for years. Home routers are major targets for malicious actors, and we have seen cybercriminals increasingly turn their focus to these devices.

The effects of a compromised router

A compromised home router can open up the user to significant consequences: information or even identity theft, malicious sites and advertisements, VoIP fraud, and more.

Cybercriminals can also profit by using compromised home routers in for-profit distributed denial-of-service attacks (DDoS) or as part of a rented botnet. Botnets have become quite profitable—renting a botnet of 100-150 bots per day cost €95 (or US$102.19), based on a listing in the French underground in 2016.

Users whose compromised routers are turned into bots are only minimally affected in terms of bandwidth resources. While they might not even notice that their routers are being used for illicit purposes, the effects are serious and widespread. Services and businesses hit by a DDoS attack have to contend with possible monetary loss, damaged reputations, and of course, service disruptions for their customers. Last year major sites like Twitter, Reddit, CNN, and Netflix were affected by this.

Compromised users are unwittingly involved, but can take some effective steps to prevent such attacks by securing their home routers.

[READ: Securing Your Home Routers: Understanding Attacks and Defense Strategies]

Threats to home routers and how to defend against them

1. Malicious actors commonly abuse the default passwords on IoT devices, as we’ve seen recently with the IP camera-targeting botnet Persirai. Routers are in a similar situation as they are devices built and configured for ease-of-use—shipped with minimal security features and default passwords. A lot of routers also have built-in remote management features that can be used to modify the router’s settings.

To manage these risks, users should:

• Choose a reliable router. Fully securing a home router is a technical task, so it is best to start with equipment that already has top-notch security features and is free of any malware. Avoid routers that are included with internet plans and do not buy used ones—they may already contain unsecured or malicious configurations. Instead, invest in a reliable home router from a trusted vendor. A lot of commercially available routers have built-in security features—like web threat protection and the ability to detect malicious network traffic—and are protected against backdoors and other malware.
• Always change default passwords. After choosing a reliable home router, the next step involves changing the default credentials. Keep in mind that some routers have user access controls that allow multiple log-in accounts, usually labelled “admin” and “user”, that are paired with default passwords. Change the passwords, and use one that is 20+ characters long for wireless access. Also, choose Wi-Fi Protected Access (WPA)2- Advanced Encryption Standard (AES) as your home router’s wireless encryption scheme.
  
  

2. Malicious actors are also constantly probing and finding new vulnerabilities in home router’s systems. They can easily use an online tool to find susceptible routers—there is a well-known public search engine that lists known vulnerabilities that can be exploited.

Users can protect themselves from known vulnerabilities by:

• Staying updated. Home router manufacturers package a router’s firmware with an OS, drivers, service daemons, management programs, and default configurations—all of which require regular updating. It is highly recommended that users apply the latest patches provided by the vendor, since unpatched vulnerabilities are a popular entry point for threats.
• Changing settings on the management access page. Fully protecting your home router requires users to log in to the management access page and perform these steps:

3. Mirai and similar malware are evolving and leverage new techniques—recently they started to use different ports to compromise Linux-based firmware, including routers. Malicious actors also continue to use malware targeting DNS settings on routers. In 2015 we discussed malware that redirected affected users to malicious sites by tampering with the DNS settings on the router. And last year we saw that mobile devices were being used to execute DNS malware against home routers.

Aside from mentioned best practices like using strong passwords, using non-default IP addresses, and turning off remote management features, users can mitigate this threat by: 

• Checking DNS settings. Regular checking of a home router’s DNS settings can help mitigate security risks. To do this, log in to the admin page of the home router and search for the DNS settings. A user can discover which DNS servers’ IP addresses the home router is forwarding queries to. With this information, sites like WHOIS can help users determine if the IP addresses are malicious. Unfortunately, website-based tests may not be reliable once a home router has been compromised.

Aware and taking action against these mounting threats to users, Trend Micro partnered with ASUS to create a more secure home router. ASUS wireless home routers are now pre-installed with the Trend Micro™ Smart Home Network solution, which has web protection and deep packet inspection capabilities.