By Editor
Your home is not just bricks and mortar anymore –
it is becoming a connected web of technology that needs to be protected. Every
new smart ‘thing’ we bring into our homes – be it just a simple smart
meter or Amazon’s Alexa – increases the number of devices connected via our
internet router and, as a result, the opportunity grows for hackers to gain
access to homes grows.
Lessons learnt
You only have to look at recent attacks to see how
devastating the consequences of not securing internet-connected devices can be.
For example, this time last year we witnessed the largest DDoS attack ever known. This was caused by the
Mirai botnet – which is made up of a large number of internet-connected
devices, including home routers – generating massive amounts of bogus traffic
to swamp targeted servers and thus essentially bring down much of the internet.
It’s argued that some of the successful attacks
against routers are due to the use of default passwords which, for most
devices, are widely known. In fact, ESET researchers revealed that out of 12,000 home routers they
checked, 15% used weak passwords, with “admin” often left as the username.
Securing the foundations
With this in mind, better security of your internet
router is one of the simplest ways in which you can cyber-safeguard your home,
and the technology you keep there. The router is essentially the foundation of
the connected home, so this year during European Cyber Security Month, take time to follow these four
simple steps:
1.
Invest in the
right router: Read online reviews of
routers before purchase and look for easily-used security features. WEP
encryption was broken long ago, and the recent WPA2 encryption attack known as KRACK has shown that WEP’s replacement may be vulnerable too.
Although few routers — most commonly found in homes — needed updating because
KRACK-affected client-side WPA2 implementations, some devices did need updating
and many older devices were stranded by their vendors.
2.
Always update
the firmware: It’s easy to forget to
check your router for security updates. You may not get prompted to do this as
soon as updates become available so it’s well worth the effort to make sure
you’re signed up to the vendor’s alert list to remind you to check for any updates.
Consider such updatability issues when choosing a router, as the next WPA2 flaw
may require a router update. When considering how important your router is in
protecting your home, an extra $20-30 now, for a well-supported brand who will
still ship updates for today’s devices a couple of years’ time is a better
investment than having to bin a cheaper device and buy a new one to fix that
next vulnerability.
3.
Disable
Universal Plug and Play (UPnP) on your router: The majority of people won’t
need to use router UPnP, in which case it’s good practice to disable this
option in your router settings. The feature allows people to access your
network without authentication so it’s best to disable it where possible.
4.
Turn off
remote management: To avoid
hackers changing the settings on your router via remote access, turn off
wireless remote management. This means that physical access to the router is
required in order to change many settings.
As we introduce more devices into our homes,
security has to be front of mind. You are fundamentally adding more windows and
doors for hackers to push to gainaccess to your home and, just as you lock your
front door, you need to lock down these virtual access points too. Security is
essential to anything, especially our routers, and it’s important that we
ensure that the Internet of Things doesn’t instead become the Ransomware of
Things instead.
If you are worried about your own situation, the
guys over at bleepingcomputer.com have produced a useful list of companies that have already supplied a patch to
their customers.