This week I wanted to talk a little bit about the mysterious box, provided by Internet Service Providers (ISPs) or bought in a store, that allows a home network to connect to the Internet.
Most people don’t stop to think much about how they get to the Internet or, more importantly, how the mysterious box provides a connection. In fact, most view the box, known as a router/modem combination, as nothing more than a plug-and-play device, much like a CD-ROM or flash drive. Plug it in, turn it on, and before you know it you’re surfing the net. However, even though it really is that easy, the router/modem combination is eye candy for attackers and needs to be secured.
Probably one of the most prevalent vulnerabilities associated with these devices is the default password. The two researchers behind one study stated, “The first thing we [exploited] was the default passwords; we were able to see more than 1 million of them” (Mimoso, 2013). When an ISP sends a customer a router/modem or installs it during the initial setup, the router/modem combination is configured with a default username/password. Many individuals aren’t even aware of this, or if they are, they aren’t too concerned, and therefore it never gets changed.
After an attacker tracks down one of these devices, if the password hasn’t been changed, it’s relatively simple for them to log in and take control. Once logged in, they can perform a firmware upgrade which cannot be erased even if the router/modem is reset. This allows them access to the device at any time. In other words, they can use the device at will whenever they need it. Once they have control of the device without the owner suspecting anything, it can be used for such things as bank fraud or identity theft, or it could become part of a botnet used for Denial of Service attacks. Once the device is compromised, the only fix is for the ISP to replace the device, which will also increase cost. The researchers stated, “This not only creates avenues for malicious activity but also will likely leverage fees on consumers for getting replacement equipment” (Mimoso, 2013).
So the bottom line is, be aware. Whether your ISP provides your device or you purchase one on your own, the first thing that needs to be done before connecting it and surfing the web is to change the default password. Changing the password on your router/modem is no different than locking your front door. Other things that can be done as well are turning off the SSID broadcast, filtering/blocking addresses, and using static IPs versus DHCP or limiting the number of devices that can connect to the network, just to name a few. Don’t become one of the million statistics; don’t make it easy on the attacker. The harder it is, the more likely it is he/she will move on to something more readily accessible.
Reference:
Mimoso, M. (April 2013). Using Customer Premise Equipment to Take Over the Internet. Retrieved from http://threatpost.com/using-customer-premise-equipment-take-over-internet-040113/77684