x
Breaking News
More () »

Don't let your router be a gateway for cycbercriminals

Many of us give little thought to our routers, but they are very important to our digital lives — and if you are reading this online, you are using one.

<p><span class="cutline js-caption" style="display: block; font-family: arial, sans-serif; font-size: 11px; font-weight: bold;">Many of us give little thought to our routers, but they are very important to our digital lives.</span><span class="credit" style="font-style: italic; font-family: arial, sans-serif; font-size: 11px;">(Photo: Thinstock)</span></p>

Many of us give little thought to our routers, but they are very important to our digital lives — and if you are reading this online, you are using one.

A router is a networking device used to transfer data between your computer and the Internet. Routers also are an essential part of your home network’s security, acting as a firewall in protecting the devices on your local network from malicious attacks coming over the Internet.

Unless proper security precautions are taken, your router can put you in danger of being hacked, becoming a victim of identity theft or having your computer taken over in a botnet and used by cybercriminals to spread malware.

A massive Distributed Denial of Service (DDoS) attack in October against the Dyn corporation, for instance, was accomplished through a botnet that exploited security flaws in routers, webcams and other Internet of Things devices. The attack against Dyn, a prominent Domain Name System (DNS), provider, overwhelmed and temporarily shut down many popular destinations on the Internet, including Amazon, Twitter, Spotify, Netflix and PayPal.

A DDoS occurs when the DNS provider gets flooded with an overwhelming amount of traffic which causes the website to shut down. Often the traffic comes from an army of botnet computers -- computers of unsuspecting people that are infected and then remotely used to send the huge amounts of communications necessary to cause a DDoS. This problem has magnified as the cybercriminals infiltrate and incorporate into their botnet not just computers but also that myriad of devices that make up the burgeoning Internet of Things

The Federal Trade Commission (FTC) has filed a complaint against D-Link Corporation in the Federal Court for the Northern District of California alleging it has failed to take reasonable steps to protect the security of its routers and IP cameras, thereby putting its customers in extreme danger of being hacked. IP cameras are used by both consumers and businesses to monitor their homes and businesses for security purposes including so called “nanny cams” to monitor children’s rooms and play areas.

D-Link denies the FTC’s charges.

According to Jessica Rich, the director of the FTC’s Bureau of Consumer Protection, “Hackers are increasingly targeting consumer routers and IP cameras — and the consequences for consumers can include device compromise and exposure of their sensitive personal information."

"When manufacturers tell consumers that their equipment is secure, it’s critical that they take the necessary steps to make sure that’s true,” she said.

Among the flaws alleged by the FTC were hardcoded login credentials in the D-Link routers and web cams that make it easy for a hacker to take control of the consumer’s devices. The FTC also noted a software flaw called "command injection" that would allow a hacker to take control of the consumer’s router by sending unauthorized commands over the Internet. The FTC further alleged that a private key code used sign into D-Link software was exposed on a public website for more than six months. In addition, the FTC alleged that D-Link’s users’ login credentials for its mobile app were stored in clear, readable text on the user’s mobile device although free software to encrypt and secure these credentials has been available since 2008.

Compromised routers can enable a cybercriminal to re-direct consumers attempting to go to a legitimate financial website to a spoofed website where the consumer would be tricked into providing personal information that could lead to identity theft. A compromised router could also be used by a hacker to gain access to sensitive information such as income tax returns that might be stored on the router’s attached storage device.

Insecure routers can be identified and located easily over the Internet by hackers.

Merely because the FTC only took action against D-Link does not mean that if you have a router or webcam from another manufacturer that you are safe. Other router and webcam manufacturers also have similar security issues. Last year the FTC settled similar router-related security flaw charges with computer hardware manufacturer, ASUS. Ultimately the place to find a helping hand when it comes to securing your router is, as I have said before, at the end of your own arm.

So what can you do to secure your router?

Upon installing your router, immediately change the default password to a strong, secure password. If you didn’t do it when you first installed your router, do it now. Also, download the latest security updates to your router whenever they become available. Few routers automatically update their security firmware so it is up to you to check the manufacturer’s website regularly to make sure that you have installed the latest security protections av available.

But keep in mind that many older routers are no longer supported with firmware updates, so if your particular router is no longer being continually supported, you should consider getting a new one. At the recent Consumer Electronics Show (CES) in Las Vegas, a number of companies including D-Link displayed new routers with automatic security updates.

Steve Weisman, an expert in preventing cyberscams and identity theft, is a lawyer and professor at Bentley University. He writes the blog scamicide.com, where he provides daily update information about the latest scams. His new book is Identity Theft Alert.

Before You Leave, Check This Out