Wi-Fi security

Wi-Fi security: When the router is the weak link

Symantec's upcoming Norton Core router can monitor your home network for vulnerable IoT devices and quarantine them.
Symantec's upcoming Norton Core router can monitor your home network for vulnerable IoT devices and quarantine them.PHOTOS: ISTOCK

While even the best models can have security flaws, there are ways to keep hackers at bay

Routers are supposed to be the first line of defence against hackers and malware. But, sometimes, they turn out to be the weak link and recent news headlines showed that even the latest routers can come with security flaws.

Earlier this year, the Federal Trade Commission (FTC) took network-equipment maker D-Link to court in the United States for failing to take reasonable steps to protect its routers and Web cameras from unauthorised access, an allegation denied by the firm.

Last year, Asus settled with the FTC over charges of security flaws in its routers. Last month, several popular Netgear routers were found to have a critical vulnerability that can be exploited by malicious websites.

Hackers have, in the past, seized on such vulnerabilities in routers, turning them into bots to be used in cyber attacks.

Infected routers, as well as Internet of Things (IoT) devices such as Webcams, were involved in two distributed denial-of-service (DDoS) attacks on StarHub's domain name servers last October, which affected the Internet connection of StarHub's home broadband subscribers.

 

Routers originating from Singapore were also used in global cyber attacks last year.

Trend Micro estimated that, from Q1 to Q3, there were around 150,000 attacks from almost 5,000 compromised routers in Singapore. Most cyber attacks came from routers in the United States (1.9 million attacks from 62,000 routers), China and South Korea, with Singapore in 11th place.

Mr Michael Lee, a security evangelist at RSA Asia-Pacific and Japan, said: "Routers are like miniature computers, with their own storage and operating system but, due to their smaller form factor, there is sometimes very little room to make future changes and updates."

Routers are used for years, often until a new wireless technology or standard is introduced.

On the other hand, manufacturers have little incentive to keep their products updated with security patches after a few years.

CLUELESS USERS COMPOUND THE PROBLEM

Even if the router manufacturer was to release a firmware update, users may be unaware or lack the skills to patch their routers.

"Fifty-six per cent of Singapore consumers do not know how to set up a secure home Wi-Fi network or router," said Mr Nick Savvides, a security advocate at Symantec.

Symantec's Norton Cyber Security Insights Report 2016 found that more than two in five consumers in Singapore are still using the default password issued by their provider when setting up their Wi-Fi.

Recent malware like Mirai targets IoT devices, including certain router models that are using default user names and passwords.

"By compromising one's router, hackers can spy on one's online activities, or trick the individual into clicking on malicious links," said Mr Ryan Flores, a senior manager at cyber-security outfit Trend Micro Asia Pacific.

Said Mr Robin Schmitt, general manager for Asia-Pacific at Neustar: "One way manufacturers can assist in addressing security vulnerabilities is by automating the deployment and installation of patches."

This approach is already used by new routers from Google and a number of network start-ups (Eero and Luma) that come with an automatic update functionality.

Symantec is also planning to launch its first router, the Norton Core, in the US later this year. This router inspects packets for malware and other online threats. It also monitors your home network for vulnerable IoT devices and quarantines them.

But while routers may become clever enough to detect malware and auto-update themselves, they can still be compromised by careless users.

The Straits Times offers some some tips below on how you can secure your home routers.

A version of this article appeared in the print edition of The Straits Times on January 18, 2017, with the headline 'When the router is the weak link'. Print Edition | Subscribe