Hackers aren’t just targeting major corporations. They’re also exploiting routers in small businesses and even households. They can, for instance, hack into routers to remotely open up network access via the Internet or perform local attacks in order to obtain access via the Wi-Fi.
Here I’ll discuss a couple of security vulnerabilities in consumer and small business-class routers and show how to prevent them from threatening your network, which usually just takes a simple setting change. I’ll discuss some newly discovered vulnerabilities in addition to some weaknesses that have been around for many years.
Many routers and other network-connected devices support the UPnP (Universal Plug and Play) protocol. This standard enables networked devices to automatically discover each other and establish connections for easily accessing the devices, sharing or streaming media, and other services.
There have been known vulnerabilities with UPnP within the local network, but it was publically discovered in early 2013 that some vulnerabilities can be exploited via remote attacks over the Internet on certain devices. This allows hackers to perform remote code execution to modify firewall and other network settings that can open your network up to further hacking. They could also perform denial of service (DoS) attacks to disturb your operations.
Though not all routers are susceptible to this vulnerability and some vendors may release updates to fix those that are at risk, its best to disable UPnP. Additionally, you should consider blocking UPnP traffic on the firewall of your router or Internet gateway.
If you want to know if yours is susceptible to some specific UPnP attacks you can use the ScanNow for UPnP utility from Rapid7.
Most Wi-Fi routers from 2007 and on include the Wi-Fi Protected Setup (WPS) feature. It was created by the Wi-Fi Alliance to help simplify the process of connecting Wi-Fi clients using the Personal (PSK) mode of Wi-Fi Protected Access (WPA or WPA2) security. Depending upon the WPS support by your router and end-user device, you can either push a button on the router and or enter the router’s PIN on the device you want connected.
There’s a vulnerability publically discovered in late 2011, however, that makes cracking WPS fairly easy with tools like Reaver and wpscrack. The vulnerability lies in the design of the PIN method of WPS. It makes it possible for a local attacker to crack the PIN combination via brute force attempts and also perform denial of service DoS attacks. Once they have the PIN they can connect to the secured network without cracking the actual encryption. You can learn more about the WPS vulnerability from a past article.
Though vendors can implement functionality in their routers to help reduce the threat of this vulnerability, it's best to disable WPS if possible. Additionally, you can use the Enterprise (802.1X) mode of WPA or WPA2 security, which isn’t susceptible to this vulnerability. You can learn more about deploying enterprise Wi-Fi security in small businesses from a past article.
Disable Web-based Remote Management
There are a few exploits hackers can use to take control of your router via the Internet when you have web-based remote management enabled. Thus disable it so your router’s web-based interface isn’t exposed to the web.
Instead of using the router’s remote management feature, consider connecting to the network via VPN when remote access is needed. If that isn’t possible, see if the router supports remote SSH access, which is more secure than web-based access. And as a last resort, if you want to use the web-based remote management see if you can at least specify allowed IP addresses to limit where access can be made.
Enable HTTPS Web-based Management
There are also vulnerabilities of the web-based management on your local network. A rogue user or hacker with internal access could eavesdrop on the network traffic and possibly capture or crack your logins to the router’s web-based interface. Once they have access they could change the router settings and create a security hole in the network. To prevent capturing or cracking of your router’s password, enable HTTPS access if it’s offered.
Verify the Firewall is Enabled
Though it’s usually enabled by default, ensure the router’s firewall is enabled. Also use any optional security features like turning off ping responses and using any features that help prevent DoS attacks.
Change the Admin Password
Though you take steps to prevent hackers from having access to the web-based management, you should still change the default admin password. This will also help protect your router incase users on network try to access it.
Enable Logging and Review Logs
Most routers have a logging feature that logs informational and security alerts. Ensure logging is enabled and check them periodically for signs of attacks. You might find signs of hacking attempts and other issues.
Safely Store Your Router Backup File
If you save your router’s configuration, ensure the backup file is stored in a secured location. There are utilities that can perform off-line cracking of the admin password using the backup file.
Upgrade Your Firmware
As mentioned, vendors can—but aren’t required—to release updates to their networking gear to patch known security holes, improve the device, and even add new features. So keep an eye out for firmware updates for your models. Visit the vendor’s website to view the firmware downloads and then check your device’s firmware version to see if there’s a newer version you can update to.
We discussed many security vulnerabilities affecting consumer and small-business routers. Always ensure the router’s firewall is enabled and take advantage of any optional security features. To protect against the newly discovered remote vulnerabilities of UPnP, consider disabling this service on your router. To prevent local attacks to cracking your WPS PIN, consider disabling WPS as well.
Additionally, consider disabling remote web-based access to your router and consider enabling HTTPS encryption for securing your local access. Remember to change the default admin password, enable and check the router logs, and safely store router backup files.
Lastly, ensure your router and other network devices are kept up-to-date with firmware updates released by the vendors.