Protecting Our Routers: Why a Password Change or Software Update is Just Not Enough

In today’s increasingly connected world, the IoT, and specifically its networks, are at the center of growth. Nowadays, you’d be hard-pressed to find a commercial, residential or even public outdoor area that does not have at least one router on a network. Homes, businesses, cities, and public infrastructure are all using WiFi, and it is not uncommon to see even basic home routers with multiple devices sitting on them at a time. But with millions of new routers being set up daily comes an increased security risk – and hackers and cyber terrorists are taking note.

Routers are notorious for their vulnerability and susceptibility to attack. A 2018 quarterly report from security firm eSentire found a 539% increase in attacks targeting routers since 2017, and research from the American Consumer Institute (ACI) found that five out of every six, or 83%, of WiFi routers in US homes and offices leave their users at risk of cyberattacks because their firmware has not been adequately updated for security vulnerabilities.

Many attackers will enter unsecured routers by remotely gaining access to the device, often via the CPU, and then installing malware that can be used to collect data, gain access to additional routers, and cause irreparable damage to the device. In 2018, hackers conducted such an attack on a large scale with the VPNFilter malware attack, which infected over 500,000 consumer routers globally. It called special attention to the damage that can be inflicted when malware is permitted to manipulate the software of a router, rendering devices inoperable and allowing personal data and credentials to be stolen.

Other recent attacks and vulnerabilities, such as the TP-Link Router Zero-Day Bug and the Thrangrycat bug, are examples of the hardware- and software-based methods by which hackers are accessing and manipulating routers. In both instances, hackers leveraged existing vulnerabilities found in routers to execute arbitrary commands on devices to remotely gain access to the device’s firmware, or to gain root access to the router to disable its vulnerable Trust Anchor. By accessing the device and its firmware, attackers are able to manipulate not only the device itself, but also the network as a whole, exposing other devices that sit on it.

With new bugs and vulnerabilities being exposed on what seems like a weekly basis, it has become clear that router security is among the biggest threats impacting the IoT and connected edge devices today. The danger of such attacks is particularly acute for consumers or small businesses, and it extends beyond personal-use routers to routers used in hospitals, government buildings, and other sensitive environments where manipulation of the data could have a potentially severe impact.

In order to ensure that routers are protected at both the software and hardware level, as well as on the network, it is imperative for new cybersecurity solutions to be implemented. It is not enough to protect the memory and the firmware. Unfortunately, firmware needs regular updates to stay secure and working properly. Over-the-air (OTA) updates are equally problematic because the OTA solutions are based on software agents in the CPU and cloud services that deploy the updated images.

One consideration is a cloud-to-flash protection approach that blocks access to firmware, boot images and critical code through a hardware root of trust in the flash memory, effectively securing connected edge devices from persistent attacks like VPNFilter or bugs like TP-Link and Thrangrycat.

NanoLock Security’s solution, with its flash-to-cloud approach, is an industry first for connected edge device cybersecurity. The NanoLock solution is integrated directly into a router on the manufacturer’s factory floor, building in a security perimeter that doesn’t rely on future hardware fixes or software patches to keep devices safe throughout a router’s entire lifecycle. This approach is also both processor and operating system agnostic and requires virtually zero processing power or additional energy.

By leveraging both a device’s flash memory and the power and flexibility of cloud-based management, companies creating or utilizing “smart” devices like routers, or cameras, sensors, robots, autonomous vehicle technology, etc. can ensure that access is blocked, and these devices are safe from attack. NanoLock creates an ironclad defense shield and serves as the last protection standing when all other methods of protection fail, also providing security monitoring for devices from factory floor to implementation.

The issue of router security is gaining greater attention from federal bureaus and consumer protection organizations. In July 2019, D-Link, a popular manufacturer of routers and webcams, settled a case with the Federal Trade Commission (FTC) over poor security practices in its products. The company was accused of misrepresenting the strength of its security practices, improperly storing user data, and failing to take testing and remediation measures. As a consequence, the FTC has now required D-Link to implement a comprehensive security program to adequately protect its customers, including third-party security audits every two years until 2030, checks for security vulnerabilities before rolling out products, and monitoring once a product is released. These security measures will likely become required for router manufacturers as more is understood about these vulnerabilities. NanoLock’s solution provides manufacturers with a way to ensure the highest levels of security, before a router even leaves the factory floor, and provides continuous monitoring to identify issues before they become threats.

Routers are a critical component of global networks today, and router insecurity can lead to greater problems within the networks that make up the most important industries. It is imperative for all involved in network security, from router manufacturers to telecom operators and beyond, to address these vulnerabilities before they are exposed, with solutions that allow them to monitor and protect a device from the moment it is developed to when it is operational in the real world, throughout its entire lifecycle.

Hackers and cyber attackers are becoming more sophisticated in their attacks using routers. It is crucial that router manufacturers (and others in the IoT) look to new solutions like the NanoLock platform, which don’t utilize the CPU and offer managed security that provides insightful data, and that these solutions are implemented into devices before it’s too late and customers are impacted.
