The fact that home and office network devices are insecure is nothing new. For years now, security researchers have pointed out security holes in printers and home and office routers. And we’ve already seen malware exploiting vulnerabilities in routers to spread to other connected devices, and even hackers exploiting these vulnerabilities to take over the devices and use them to launch DDoS attacks towards online services. A case in point: in one of the largest DDoS attacks to date, hackers were able to bring down Sony and Microsoft’s gaming platforms around Christmas last year, relying in great part on hacked internet routers. Taking control over millions of home routers protected by little more than factory-default usernames and passwords, they were able to create botnets of home and office routers, and use them to launch DDoS attacks on the online gaming services.
While these vulnerabilities enable hackers to bring down websites, they can also be used to compromise end users’ machines and online experiences by:
- Redirecting them to fake web pages meant to trick them into handing out their personal and sensitive information
- Intercepting online banking sessions
- Stealing their credentials to online accounts
- Replacing legitimate ads with malvertisements on the websites they go to
- Taking control over their machines through the compromised home network, and prevent software updates or push malware onto them.
Given the attacks mentioned above and the (seemingly) ever-present vulnerabilities, routers and printers are emerging as hacker’s new attack weapons. Unfortunately, device manufacturers seem to be lagging behind security researchers in terms of discovering, patching, and issuing security updates. Which is understandable, as they are not focused on security and developing proper code for preventing attacks. However, even though device manufacturers issue firmware updates, it’s up to end users to install updates. Since users have to check the manufacturer’s website for thelatest updates, many users often overlook them completely while others have trouble installing them.
According to IT Support experts Visionaire, not checking for regular firmware updates is one of the top mistakes their customers make. At the same time, it’s also one of the top issues some of their customers come to seek help with. Noteworthy is that their customers range from home users to small office managers.
As a conclusion, the top issues with insecure routers and printers would be:
- Issue #1: ubiquitous security holes
- Issue #2: slow manufacturer reaction to developing patches for vulnerabilities
- Issue #3: users overlook firmware updating
Considering the many parties that an attack on routers or printers could affect, the security industry, as a whole, needs to cooperate to reduce security risks. Where slow responding manufacturers and oblivious users fail to ensure secure use of home network devices, experts can provide valuable help in mitigating risks – be it security researchers performing vulnerability tests on these wide-spread devices, or tech support companies helping end users to secure their access to the world wide web.
However, manufacturers need to educate users about security, and to provide a mechanism that automatically and flawlessly patches vulnerabilities within their product. Also, designing their products with security in mind should become key to their product development strategy.
Learn more Bitdefender OEM’s security solutions and how we help companies make their products secure.