Security vulnerabilities found in 80% of best-selling SOHO wireless routers
Posted on 21 February 2014.
Tripwire has analyzed the security provided by the most popular wireless routers used in many small and home offices and found that 80 percent of Amazonís top 25 best-selling SOHO wireless router models have security vulnerabilities.


Of these vulnerable models, 34 percent have publicly documented exploits that make it relatively simple for attackers to craft either highly targeted attacks or general attacks targeting every vulnerable system they can find.

Routers are an ideal target for cyberattackers because they can be used to eavesdrop on traffic sent to and from nearby enterprise access points. After an attacker has gained control of a router, they are able to monitor, redirect, block or otherwise tamper with a wide range of online activities. Once a router is compromised, devices guarded by the routerís firewall become targets for additional network-based attacks.

Even technically oriented users find it difficult to identify a wireless router cyberattack because router user interfaces are minimal, and the traffic sent from a compromised device to cyberattackers is typically invisible.

Key study findings include:
  • 30 percent of IT professionals and 46 percent of employees do not change the default administrator password on their wireless routers. With access to the configuration interface, attackers can easily compromise the device.
  • 55 percent of IT professionals and 85 percent of employees do not change the default Internet Protocol (IP) address on their wireless routers, making Cross-Site Request Forgery (CSRF) attacks much easier for cyberattackers.
  • 43 percent of IT professionals and 54 percent of employees use Wi-Fi Protected Setup (WPS) Ė an insecure standard that makes it simple for attackers to discover a routerís encryption passphrase, regardless of its complexity or strength.
  • 52 percent of IT professionals and 59 percent of employees have not updated the firmware on their routers to the latest version, so even when security updates from router vendors are available, most users do not receive the additional protection.
A few key security practices can help users can effectively limit wireless router cyberattacks. However, Tripwireís study of wireless router security practices among IT professionals and employees who access corporate networks from remote locations shows that these practices are not widely used.

"VERTís research and SANS recent discovery of The Moon worm currently infecting exposed Linksys routers indicates that threats to routers will continue to increase as malicious actors recognize how much information can be gained by attacking these devices," said Craig Young, security researcher for Tripwire.

"Unfortunately, users donít change the default administrator passwords or the default IPs in these devices and this behaviour, along with the prevalence of authentication bypass vulnerabilities, opens the door for widespread attacks through malicious web sites, browser plugins, and smartphone applications," Young added.






Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //