Criminals are currently attacking far more home routers than ever, as a study by the antivirus vendor Trend Micro shows. Between September and December 2019, the number of unauthorized login attempts increased almost tenfold, from 23 to 249 million. In March of this year alone, the company registered almost 194 million such attacks. The security researchers assume that the relocation of company data into home networks makes such attacks far more lucrative for criminals.
The current wave of attacks is apparently driven by professionals who use script-controlled brute-force methods to crack the access credentials of various Internet-of-Things devices. Home routers are in the attackers' crosshairs because of their central position in the victim's network: the router is the first device of the home network that is reachable from the Internet. It is also suitable as a bridgehead for further attacks on the IoT devices behind it. The attackers' aim is to enlist the devices in a botnet in order to carry out, for example, DDoS attacks on company websites.
Firmware often outdated
The fact that home routers are increasingly moving into the focus of professional attackers may be because the security of such devices remains persistently poor. For example, the Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE) examined the firmware of 127 non-listed home routers from the manufacturers ASUS, AVM, D-Link, Linksys, Netgear, TP-Link and Zyxel for security weaknesses. The researchers did not examine Huawei routers because the manufacturer does not provide firmware files on its website. For the same reason, Fraunhofer did not consider the widely used provider routers.
The result of this partial examination is rather embarrassing: many manufacturers do not develop any security updates for their devices, so information about many old router vulnerabilities has long been in circulation. The Fraunhofer researchers subjected the router firmware to automated tests using their own methods and thus determined how old the Linux kernel it contains is. In addition, the researchers investigated whether common exploit protection measures had been implemented and whether security issues such as preset passwords were present.
22 of the 127 tested devices have not received a fresh firmware update for two years. More than a third of the firmware is based on Linux kernel versions that have not received security updates for at least nine years. The firmware of one Linksys device is based on a nearly 18-year-old Linux kernel. The picture continues with the exploit defense measures: here, too, the manufacturers could do much more to make their routers safer. At least the AVM routers came out best by a wide margin, and the testers also have a few words of praise for Asus and Netgear.
BSI wants more security
The German Federal Office for Information Security (BSI) has recognized the problem of home router security and, at the beginning of July, published a new preliminary specification for routers in the end customer segment. On this basis, manufacturers, testers and "other interested parties" are to examine the security of home routers. According to the BSI, the aim is to make such test results comparable so that the range of home routers on offer becomes more secure as a whole. Based on the new specification, routers can also be certified as part of the technical guideline for home router security that the BSI published at the end of 2018.
It remains to be hoped that the test criteria will enable customers to compare the security of routers more easily and that security will become an important purchase criterion.
This post comes from C’t 17/2020.