Your Next Big Security Headache: Your Wireless Router

You've installed antivirus software on your computers, configured your operating system to update its security automatically and password-protected your Wi-Fi. So your home network is safe against hackers, right?

Guess again. And then take a long look at your wireless router.

What Can Happen (Hint: It's Bad)

For years, manufacturers of home routers have all but ignored security issues, at least when it comes to making sure that consumers update their firmware to close exploitable vulnerabilities. Let's put it this way: Have you ever updated the firmware on your router? If not, odds are good that it's got one or more security holes through which a properly motivated hacker could slip.

Attacks on routers aren't common, partly for logistical reasons that make them uneconomical for hackers. But that could change as technology evolves, criminal incentives shift and security tightens up in other areas. One big potential trouble spot: the embedded Web servers that many routers use for managing their settings — including, of course, security.

Router manufacturers have done a lousy job informing users about firmware updates that would patch security flaws, and are even worse making it easy for users to obtain and install those updates. Such patches are seldom available through automatic services, forcing users to look up the fixes on manufacturer websites.

"These are low-priced, low-power devices," Tod Beardsley, a researcher with application security vendor Rapid7, said. Manufacturers "may not have the margins on these devices to provide ongoing software support."

To see what can happen when a flaw remains unpatched, look no further than a major intrusion in Brazil in 2011, when hackers broke into 4.5 million home DSL modems over the Internet. The modems were reconfigured to send users to malware-carrying imposter websites, primarily so thieves could steal their online banking credentials.

From Brazil With Love

That exploit in Brazil was similar to one that application security tester Phil Purviance recently employed against a wireless Linksys EA2700, which was released about a year ago. Called a cross-site request forgery, the technique allowed Purviance to break into the router's embedded management Web site. Once in, Purviance found he could change the login information and remotely manage the hardware.

"What I found was so terrible, awful, and completely inexcusable!" Purviance wrote in his blog. "It only took 30 minutes to come to the conclusion that any network with an EA2700 router on it is an insecure network!"

Purviance found a total of five vulnerabilities in two Linksys routers, the EA2700 and WRT54GL. Separately, flaws recently found in Linux-based routers from D-Link and Netgear could enable a hacker on the network to gain access to the command prompt on the operating system, Rapid7 reported.

D-Link and Netgear didn't respond to requests for comment. Belkin, which bought Linksys from Cisco last month, said in an email sent to ReadWrite that the EA2700 was fixed in a firmware update released last June. Called Smart Wi-Fi, the firmware is available through an opt-in update service. 

What Hackers Want

Manufacturers have gotten away with sloppy security practices because breaking into wireless routers usually requires physical proximity. That made it far harder for hackers to bust into multiple computers, because they'd have to move from network to network in order to target them. Thus hackers have tended to favor blasting out malware-carrying spam from a single location over attacking individual wireless routers.

But that could change. Industrial control systems that run manufacturing operations, power grids and other critical infrastructure are increasingly under pressure from cyberespionage campaigns. Vulnerabilities in these systems are as bad as in home routers. You can see just how bad is is via the search engine Shodan,  which collects information on 500 million connected devices, such as routers, printers, webcams and servers, each month.

In time, hackers will develop better tools and malware for breaking into hardware, and this technology will eventually find its way into the criminal underground.

How To Safeguard Your Router

In other words, it makes sense to safeguard your router now. Here are a few steps you can take to make your home network a less inviting target:

  • In your router security settings, make sure you've changed any default usernames and passwords. These will be the first things any hacker tries, much the way a burglar jiggles a doorknob to see if it's unlocked.
  • Disable wireless access to your router's management console, which allows you to manage its settings by pointing a Web browser to an address such as 192.168.1.1. Disabling wireless access means you'll have to be physically plugged into the router in order to manage it, making it far more difficult to hack.
  • If you're sufficiently technically minded, consider replacing your router's doubtless buggy internal software with an open-source alternative such as DD-WRTTomato or OpenWRT. While these options aren't particularly consumer friendly, their firmware is less likely to contain obvious vulnerabilities — and will probably offer you some cool new features, too.

Image courtesy of Shutterstock

Updated at 12:35pm PT to make clear that embedded Web servers, not embedded browsers, pose a security threat in many routers.