Continuous attacks on routers and connected devices

In the last few months we have been flooded with reports about vulnerability and exploits on Internet connected devices such as routers, house automation devices (light switches), Point of Sale (POS) devices.

Let’s briefly review what has happened in this time:

 

AVM’s Fritz.Box

avm fritz

 

The sources in the media report that the patches that AVM, the producer of the routers delivered for all devices, were actually fixing another problem. The initial reports were mentioning that the vulnerability is related to remote access functionality in the router. Simply disabling it would have solved the problem, but the latest reports show that even without the remote control enabled, the routers are vulnerable. The only solution is to patch the devices with the latest firmware. Those who don’t know how to do this, must read the detailed instructions here (DE, EN).

 

Belkin

belkin

 

Belkin produces many products, but the house automation products (WeMo) and routers. The last vulnerability in the WeMo devices allows an attacker to overwrite the firmware and remote control the devices. The solution is not known at the moment, sources report that the only way to avoid an attack is either to shut down the device or to not allow access from the Internet.

 

Other routers: Asus, LinkSys, D-Link

Asus: allows attackers access to resources shared in the internal network

LinkSys: hit by the work TheMoon.

D-Link: allows unrestricted login through a backdoor

All these devices have known vulnerabilities and many of them are unpatched since months. A simple search in your favorite search engine after “<device> vulnerability” will give you hundreds or thousands of article about reports of vulnerabilities.

 

 

Solutions?

Not many, unfortunately.

The most obvious is to trigger a firmware update whenever possible and hope that the producer of the device has fixed the vulnerabilities.

If this is not the case, the mitigation of these risks is usually related to the access from the Internet, but not always. Whenever possible,  try to deactivate the remote access. Note that this doesn’t restrict in any way the functionality of the device, but it might restrict some of the functions. For example, some devices have mobile apps that remotely control the device. If such a configuration is done, these apps might not work anymore.

Some routers offer functionalities like Web server, FTP server, ActiveSync, iTunes sync, “Cloud Disk”, “Smart Access”, “Guest Access”, “Own Cloud”, “Media Streaming” and alike. All these have one thing in common: they allow access from the Internet via various protocols.

Whatever functionality your router has, if you are unsure what these functions do, just deactivate them.

 

Sorin Mustaca
IT Security Expert

 Thank you for reading this post on Avira TechblogFor latest news please follow us on FacebookTwitterGoogle+.