How to Protect Your Router and Other Embedded Devices from Attacks

You conscientiously encrypt the important files you store online. You have also taken steps to encrypt your data transfer each time you upload, backup, and sync your files to the cloud. But businesses may be overlooking users that work from home offices and the vulnerable entry points–gateways, plug-and-play devices, routers, and wireless access points. Routers, in particular, are the likeliest targets for attack because many other local devices go through them to access the internet.

More and more software developers are making strides with their security-conscious coding–complete with automatic security patching and updating. The same cannot be said for manufacturers of routers and other embedded devices. Thus, attackers are now shifting their attention from software to the more vulnerable entry points for intercepting data–the always-on installed devices whose firmware are most likely not regularly updated.

In early February 2014, it was reported that the DNS settings of thousands of home routers in Poland were taken over by cybercriminals trying to intercept connections for online banking. Then in March 2014, Team Cymru, an internet security research agency, reported an extensive global attack that ended up compromising 300,000 home and small-office routers. In the latter case, the attackers exploited the known vulnerabilities inherent in certain router models.

Your router can also expose your hard drive’s sensitive contents to the internet, like what happened to thousands of routers made by Asus. If your home networking equipment has been standardized by your ISP–which is almost always the case–then it means your home networking configuration and settings are the same as all the other subscribers of your ISP. If there is a vulnerability that can be exploited in such a widely known home-networking configuration, then a large-scale attack would have been easier to carry out.

The least you can do is to perform these actions. One, change the admin password on your home networking system. If a technician simply came over to install your home networking equipment and you did not enter the configuration settings, then your ISP may have set it to the default password. Two, consider disabling the feature that makes your information and data transfer susceptible to attack. There is a feature that allows access from the internet to your admin interface. That’s a viable entry point you might want to disable. And three, check for firmware updates regularly.

If you are a non-technical user, a quick call to your ISP’s customer support can help you update and configure your router so that its settings become more secure. The technical support agent can also educate you regarding the installation of updates. Hopefully, manufacturers of embedded devices would soon make it easy for non-technical users to help keep their data away from cybercriminals and to make automatic security updates available for downloading and installation regularly.