Continuous attacks on routers and connected devices

In the last few months we have been flooded with reports about vulnerability and exploits on Internet connected devices such as routers, house automation devices (light switches), Point of Sale (POS) devices.

Let’s briefly review what has happened in this time:

 

AVM’s Fritz.Box

avm fritz

 

The sources in the media report that the patches that AVM, the producer of the routers delivered for all devices, were actually fixing another problem. The initial reports were mentioning that the vulnerability is related to remote access functionality in the router. Simply disabling it would have solved the problem, but the latest reports show that even without the remote control enabled, the routers are vulnerable. The only solution is to patch the devices with the latest firmware. Those who don’t know how to do this, must read the detailed instructions here (DE, EN).

 

Belkin

belkin

 

Belkin produces many products, but the house automation products (WeMo) and routers. The last vulnerability in the WeMo devices allows an attacker to overwrite the firmware and remote control the devices. The solution is not known at the moment, sources report that the only way to avoid an attack is either to shut down the device or to not allow access from the Internet.

 

Other routers: Asus, LinkSys, D-Link

Asus: allows attackers access to resources shared in the internal network

LinkSys: hit by the work TheMoon.

D-Link: allows unrestricted login through a backdoor

All these devices have known vulnerabilities and many of them are unpatched since months. A simple search in your favorite search engine after “<device> vulnerability” will give you hundreds or thousands of article about reports of vulnerabilities.

 

 

Solutions?

Not many, unfortunately.

The most obvious is to trigger a firmware update whenever possible and hope that the producer of the device has fixed the vulnerabilities.

If this is not the case, the mitigation of these risks is usually related to the access from the Internet, but not always. Whenever possible,  try to deactivate the remote access. Note that this doesn’t restrict in any way the functionality of the device, but it might restrict some of the functions. For example, some devices have mobile apps that remotely control the device. If such a configuration is done, these apps might not work anymore.

Some routers offer functionalities like Web server, FTP server, ActiveSync, iTunes sync, “Cloud Disk”, “Smart Access”, “Guest Access”, “Own Cloud”, “Media Streaming” and alike. All these have one thing in common: they allow access from the Internet via various protocols.

Whatever functionality your router has, if you are unsure what these functions do, just deactivate them.

 

Sorin Mustaca
IT Security Expert

 Thank you for reading this post on Avira TechblogFor latest news please follow us on FacebookTwitterGoogle+.

from Avira – TechBlog http://bit.ly/1cYyI0O
via IFTTT


© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close