PC World Article: Router Security Vulnerabilities

Discussion in 'Mac Accessories' started by JulianBoolean, May 29, 2013.

  1. JulianBoolean, May 29, 2013
    Last edited: May 29, 2013

    JulianBoolean macrumors regular

    Joined:
    Aug 14, 2010
    #1
    Hi All,

    I'm currently eyeballing the purchase of a router. In the process of becoming an informed consumer, I've stumbled across an article, and uhm... I guess I don't know how to interpret the information. The gist of the article is that thirteen popular routers are vulnerable, and there is not much we can do about it. The article is from PC World, dated April 18, 2013. Here is a snippet and link:

    [..]

    QUOTE 1: Thirteen popular home and small office routers contain security problems that could allow a hacker to snoop or modify network traffic, according to new research. Independent Security Evaluators (ISE), which is a security consultancy based in Baltimore, found that all of the routers they tested could be taken over if the hacker had access credentials. The tested products came from Linksys, Belkin, Netgear, Verizon and D-Link. All of the router models evaluated ran their company’s latest firmware and were tested with their default, out-of-the-box configurations. Consumers have few options for mitigating the attacks, ISE said in its report.
    http://www.pcworld.com/article/2035...ontain-critical-security-vulnerabilities.html
    http://securityevaluators.com//cont...nt/case-studies/routers/soho_router_hacks.jsp

    And a similar article from CNET News:
    http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/

    QUOTE 2 : "Meanwhile, Kitchen of Hak5 recommends that people make their own routers entirely. "The best that a person can do is to roll their own using the Marin, Ca.-based Untangle, which takes any spare PC and turns it into a wireless router." He also recommends Monowall and Smoothwall. Heffner at Tactical Network Solutions agreed. "The best thing you can do is install a third-party firmware, such as OpenWRT or Tomato," he said.
    http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/

    [..]

    Question 1: Since no Apple routers are specifically mentioned, I'm left wondering about the very same security vulnerabilities.

    Question 2: The article states that all of the router models evaluated, ran their company’s latest firmware and were tested with their default, out-of-the-box configurations. Does that mean they did not set a password? If that's the case, then I'd imagine that taking at least the most basic security precautions when you set up would have a very different risk factor. I don't know enough of the lingo ie "trivial", "authenticated" " "unauthenticated" etc, to figure out how the stuff was set up during the time of the vulnerability testing.

    Question 3: So, if the worst case scenario is true, and all routers are manufactured to be inherently vulnerable, then what is the solution? Build your own router? Third party software? That's the solution hinted at in Quote 2.

    Any and all help is greatly appreciated!

    -Julian
     
  2. mentaluproar macrumors 68000

    mentaluproar

    Joined:
    May 25, 2010
    Location:
    Ohio, USA
    #2
    Is you are a geek with a broadcom-based router, grab one of the tomato firmware mods and flash it. (Toastman, victek, shabby, etc)

    As for access credentials, it's simple to change. Defaults are bad for security because everybody knows them.

    also, none of the brands mentioned there are any good. Look at buffallo, tp-link, and ASUS.
     
  3. JulianBoolean thread starter macrumors regular

    Joined:
    Aug 14, 2010
    #3

    Hey cool, thanks for the reply. But what's the meaning of "flash it" ?
     
  4. mentaluproar macrumors 68000

    mentaluproar

    Joined:
    May 25, 2010
    Location:
    Ohio, USA
    #4
    It's a way of installing new firmware on something, like phone and routers.

    If you don't understand that, don't do it. Router recovery modes are still for geeks only.
     
  5. ColdCase macrumors 68030

    Joined:
    Feb 10, 2008
    Location:
    NH
    #5
    Thats like saying when a burglar has keys to your house, he could take it over. You would have few options to mitigate the attack. :)

    You can make router more and more secure at the penalty of being less user friendly. For example, you set up a strong two factor authentication, shut off wireless, limit access to one MAC address (one device), disable all port forwards, and don't let anyone in to attach a bug on your network... Network access is limited to that device...

    You could also make sure there is nothing of value to a perpetrator that is attached to the network.
     
  6. mentaluproar macrumors 68000

    mentaluproar

    Joined:
    May 25, 2010
    Location:
    Ohio, USA
    #6
    Simply put, security is not about about keeping people out. It's about making it such a pain in the ass to get in that they move on to other targets.
     

Share This Page