SOHO Network Routers Are Ripe For Hacking; Is Yours On The List?

Here’s one more thing you can fret about: Security evaluator ISE has discovered that a number of popular SOHO routers and WiFi access points are vulnerable to hacking. The firm calls the vulnerability a “critical security” problem, which is to say that a remote hacker could take over a router and change configuration settings or a local hacker could also skip the authentication process, and in both cases, the hacker would be able view and even change traffic on the network.

The firm looked at 13 different off-the-shelf devices to evaluate them for security vulnerabilities. What they found is startling. “Our research indicates that a moderately skilled adversary with LAN or WLAN access can exploit all thirteen routers,” said the group in a post. “We also found that nearly all devices had critical security vulnerabilities that could be exploited by a remote adversary, resulting in router compromise and unauthorized remote control. At least half of the routers that provided network attached storage (NAS) were found to be accessible by a remote adversary.”

Belkin router
Belkin F5D8236-4 v2

They found that all thirteen devices they looked at are vulnerable to local attacks, and four of them didn’t require an active management session. All but two of them could be hacked over a wireless connection, and two of those could be penetrated with no active management session.

ISE included a handy chart so you can see if your router is on the list. They divided the types of attacks into three categories: Trivial (can be launched directly against the router without credentials), unauthenticated (requires some sort of human error on the part of the hackee, but not an active session), and authenticated attacks (requires an active session or at least access to credentials).

Hackable router chart

Unfortunately, there doesn’t seem to be a whole lot that end users can do about this problem right now. ISE recommends that vendors keep device firmware and security patches up to date and available and let users know about the vulnerabilities, in addition to developing authenticated firmware, offering opt-out firmware update options, and running regular security audits. It recommends that admins keep firmware current, disable remote administration, and other basic best practice maintenance and procedures.

For end users, all you can do is try to avoid phishing scams, observe browser or software warnings, and generally be smart about online activity.