Hello everyone and welcome to ZDTech, ZDNet’s daily editorial podcast. My name is Louis ADAM and today I am going to explain to you why routers have become a prime target for hackers.
Hackers have routers in their sights. These devices are used for redirect traffic from different computers and connected objects within a local network, for example a wifi network. In France, most routers deployed in private homes are offered by Internet service providers in the form of “boxes”.
These propose to associate a router with a modem in order to act as a gateway between all the equipment in the house and the Internet network. But this is not always the case: many Internet users and small businesses can choose a custom router that better meets their needs, for example to extend the range of a wifi network.
And for hackers, these routers are a prime target. Firstly because these devices are frequently exposed on the Internet. But mostly because the router ecosystem includes many manufacturerseach offering their own devices with their own set of easy-to-exploit vulnerabilities and flaws.
In 2020, a study carried out by a German institute had thus carried out an analysis of a hundred firmware deployed in routers marketed by seven different brands. The researchers then estimated that, on average, each device was vulnerable about fifty security vulnerabilities. The fault of the manufacturers, who distribute the updates at a low rate. Flaws discovered in 2018 in Mikrotik routers, for example, have been widely exploited by operators of the Meris botnet to inflate the number of infected devices.
But without even talking about software vulnerabilities, it is also frequently observed that routers have administration accounts whose default passwords are often simplistic and known, when they’re not just hard-coded. This was one of the techniques employed by the Mirai malware and the many variants that followed in its footsteps. He was testing a list of known usernames and passwords on all the machines he saw connected. And when he managed to access it, he infected the device.
Cybercriminals’ interest in routers is not new, after all Mirai was in 2016. But in 2020, the Covid 19 pandemic has brought routers back into fashion for many individuals forced to work from at home during the lockdown.
To avoid unpleasant surprises, it is therefore better to take some precautions before activating a new router: modify the default configuration and passwords, ensure that the latest security updates have been installed, check that traffic encryption and the firewall are enabled and pray that this is enough.