Rogue Routers

By on Jan 5, 2017 in Technology

The smart home’s weakest link may be that unassuming router tucked neatly next to your modem.

[Update: Netgear has released firmware updates for the affected products.]

While the breach of one billion Yahoo! email accounts continues to dominate the news, another internet security crisis continues unabated. As Lily Hay Newman reports in Wired’s latest issue, the Nighthawk line of Netgear routers can be remotely exploited, allowing third parties to take control of the devices, leaving thousands of home networks open to hackers and “havoc-wreaking botnets.”

“While Netgear has finally released a tentative fix for some models,” writes Newman, “the delays and challenges in patching all of them help illustrate just how at risk the Internet of Things is—and how hard it is to patch up when things go wrong.”

Hacking the Home

Like many of the smart devices that make up the “Internet of Things,” routers seem as common – and as low-tech – as a toaster or thermostat. But as has already been noted, the ubiquitous nature of many of these “wired” versions of our beloved devices makes them almost invisible; and for many smart home inhabitants, invisibility is a weakness.

“If we want to put networked technologies into more and more things, we also have to find a way to make them safer,” Michael Walker, program manager and computer security expert for the Pentagon’s advanced research arm, recently told the New York Times. “It’s a challenge for civilization.”

Routers Gone Wrong

Andrew Rollins, a security researcher with the handle Acew0rm, notified Netgear about the security flaw back in August but never heard back from the company. As months went by with no fix – presumably exposing thousands of users in the interim – Rollins eventually chose to go public. His announcement of the Netgear router backdoor eventually triggered a Department of Homeland Security CERT notice suggesting Netgear users disable their web service, disable remote administration, or unplug their devices.

“The flaw allows unauthenticated web pages to access the command-line and then execute malicious commands, which could lead to total system takeover,” explains the CERT notice before assuring users, “Exploiting this vulnerability is trivial.”

Netgear confirmed eight of its router models “might be vulnerable” to attack (R6250, R6400, R6700, R7000, R7100LG, R7300, R7900, R8000), including three of the company’s bestsellers. Though a set of beta patches for some of the affected models was released by the company, Netgear admits the fix “might not work for all users.” Adding an extra layer of complication, Netgear customers will need to manually install the firmware on their own, as there are no plans to push an over-the-air update at this time.

In a statement about the issue, a representative for Netgear said the company strives “to earn and maintain the trust” of its users, and is “actively working to provide solution for our customers.”

“It’s making them look very incompetent,” Rollins tells Wired, adding the flaw he discovered “is not that hard to fix at all.”

Mending (Router) Fences

Alternatives to the Netgear fix are available. In addition to the CERT advisory, some online tutorials exist. Computer science researcher Bas van Schaik has posted online a systematic process for securing most of the Netgear routers. He begins by advising users first to check if they are susceptible by following a particular router login link: http://www.routerlogin.net/cgi-bin/;uname$IFS-a

“If a web page appears (which is not an error),” writes van Schaik, “You’re vulnerable.”

For those needing a fix, van Schaik details the method of patching up the security hole and (hopefully) fending off any attempted hacks, with one caveat.

“You are now safe,” he concludes, “But don’t forget: after turning your router off and on again (or a power cut!), the web server process will start again, and you will be vulnerable.”
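The request shape in van Schaik’s test link (a semicolon directly after /cgi-bin/, with $IFS standing in for a space) can also be searched for in HTTP logs. The following is an added example, not code from van Schaik, Netgear or the CERT notice; it assumes a proxy or gateway that records requests to the router’s web interface in Common Log Format, and the sample log lines and the status.cgi path are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Shape of the test link quoted above: a ';' immediately after /cgi-bin/
INJECTION_RE = re.compile(r'/cgi-bin/;(?P<cmd>[^?#]*)', re.IGNORECASE)


def extract_injected_command(target):
    """Return the command embedded in a request target, or None if absent."""
    decoded = unquote(target)  # also catches %3B and %24IFS encodings
    match = INJECTION_RE.search(decoded)
    if match is None:
        return None
    # $IFS or ${IFS} replaces whitespace, which a URL path cannot carry
    return re.sub(r'\$\{?IFS\}?', ' ', match.group('cmd')).strip()


def scan_log(lines):
    """Return (client_ip, command) for every log line matching the pattern."""
    hits = []
    for line in lines:
        request = REQUEST_RE.search(line)
        if request is None:
            continue  # not an HTTP access-log entry
        command = extract_injected_command(request.group('target'))
        if command is not None:
            hits.append((line.split()[0], command))
    return hits


# Constructed sample entries (assumption: Common Log Format, LAN clients)
SAMPLE_LOG = [
    '192.168.1.20 - - [05/Jan/2017:10:01:12 +0000] "GET /index.htm HTTP/1.1" 200 5120',
    '192.168.1.23 - - [05/Jan/2017:10:02:40 +0000] "GET /cgi-bin/;uname$IFS-a HTTP/1.1" 200 96',
    '192.168.1.31 - - [05/Jan/2017:10:03:05 +0000] "GET /cgi-bin/%3Buname%24IFS-a HTTP/1.1" 200 96',
    '192.168.1.20 - - [05/Jan/2017:10:04:19 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, command in scan_log(SAMPLE_LOG):
        print(f"{client} requested command execution: {command!r}")
```

Because the CERT notice says the flaw is reachable from unauthenticated web pages, the client address on a matching line is the LAN machine whose browser sent the request, which is where to look next.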

No Alerts and Zero Warning

Unfortunately, this type of exposure to cyber-attacks will only expand as more and more smart devices go online. As each smart home joins the Internet of Things, infections and online hacks will continue to exploit any vulnerability. Without early warning systems or any straightforward notification systems, many of these security breaches may go unnoticed until it’s too late.

“It’s got to get to the level that it’s simple in terms of notification and procedure to upgrade for users. Otherwise, we end up with the problem we have,” says Morey Haber, vice president of technology at the security firm BeyondTrust. “There are many devices out there that are complex and not easy to update, and people don’t even know it.”

“And as long as so many devices are vulnerable,” concludes Wired’s Lily Hay Newman, “attackers will actively look to exploit them. It’s a vicious cycle, one that’s playing out for many Netgear owners in real time.”