Wi-Fi Routers Easy Access for Hackers

Jasmina Lozevska April 18, 2013 0


This is not something that is unclear to any of us but recent research from a firm called Independent Security Evaluators has some interesting theories. They said that popular wi-fi routers can be easily hacked and unfortunately there isn’t much you can do about it.

The report has been written by ISE of Baltimore and they have found that 13 most popular routers can be exploited by moderate skilled hacker with WLAN or LAN access. All of the 13 evaluated routers can be breached over local network. Four of them are requiring management session which is active, eleven of them can be breached over WAN with two of these 11 don’t require active session.

Steve Bono who is a CEO of the company, stressed that nobody’s completely safe.

Before you are all judgmental over this and say that wireless router hacking is to mainstream and really rare read this – two years ago 4.5 million DSL modems in Brazil were attacked. This affected 6 hardware manufacturers, 40 DNS malicious servers and 2 malicious scripts in order to make the attack. The goal was stealing credit card and bank information.

Yesterday, ReadWrite made a report on “wireless router hacking” topic which was based on a fragment from a research from Rapid7 (security firm). Ted Harrington, a marketing head in ISE, announced that they have included all the new findings in their report. He explained that this is not something to be excluded as it can turn to something more serious. He added that through the wireless router, you can find out every confidential doc, photos, passwords, credit card numbers and pretty much everything else. He noted that later on, they will release a statement from a study which will include basic information about the best practice of the community. It will give the vendors a certain chance to respond and resolve the vulnerabilities.

Darren Kitchen, a founder of Hak5 security service, has said that he is not surprised from this research. All the routers are made in China and Taiwan and they are rushing it just to make the proper sales. There isn’t any consumer security demand included and it’s not something that we will see in near future, he added.

router_hack


In their study, ISE has found the wireless routers are vulnerable to these attacks:

  • Trivial attacks: These can be launched against the wireless routers directly without any credential access or human interaction.
  • Unauthenticated attacks: These attacks require some slight form of human interaction. This form can be packed in some malicious link or unsafe page for browsing. This attack doesn’t require active session.
  • Authenticated attacks: These attacks require the attacker’s access to credentials or need the user to be logged in with active session at the very same time of the attack.

In order to get the proper results, these attacks have been performed under remote adversary and local adversary situations. The local adversary is a threat which is connected to the router by Wi-Fi, while the other adversary is a threat which is not connected.

The routers which were tested include Netgear WNDR4700, Linksys WRT310Nv2, TP-Link WR1043N, Belkin N300 and N900, and Verizon Actiontec. Maybe your router wasn’t included but according to Heffner, that doesn’t mean you are safe and your router can’t be hacked.

We can notice several caveats from this – some attacks like “Client-side” were calculated as fair game attacks as long as they are based in JavaScript and HTML and running on a browser. The wireless routers were not tested for all the remaining vulnerabilities and none of the tested routers had the features of remote administration which was activated by default. This means only one thing, besides the controlling the modern routers while no active network connection, that feature hasn’t be made active by default. Manually activating of this service will decrease the security level of the wireless router. Before this test was made, all the routers were upgraded to their latest available version.

As we said earlier, all the analysts said that there is not so much you can do about this. But someone did mention that if you set your router on a proper way there is a slight chance of hacking it. Jake Thompson, analysts from ISE, has indicated some tips, which were obvious ones, about changing your password credentials on a short period of time and changing the default username of the router. Since every router doesn’t give you option for changing the default username, he added that he recommends using the WPA2 protocol for security instead of WEP protocol.

I’m not very sure that this will help too, but you can give it a try. You need to do everything in order to protect yourself from information theft.

Recommended Products

 

Leave a Response»

css.php