Secure Your Router from Internet of Things (IoT) Takedowns
The Communications Authority (CA) fourth-quarter report for 2015-2016 notes that Kenya has about 10.8 million broadband internet subscriptions.
This means that slightly over a quarter of Kenyans now connect to the Internet on 3G connections or higher, mostly via affordable smartphones and broadband charges.
At the other end of the spectrum, Internet Service Providers (ISPs) have offered attractive packages to home users on the back of Fiber to Home (FTH) connections, mostly in urban areas.
Thus, we are witnessing the advent of the so-called Internet of Things (IoT) phenomenon. As technology advances, Kenyans are now buying and adopting vastly interconnected devices for the home, enticed by the prospects of IoT.
Supported by a multiplicity of applications and online platforms, all accessible and available on a 24/7 basis, these devices include smartphones, computers, Internet Protocol (IP) security cameras, video games, smart televisions and digital video recorders (DVRs), among others.
Perhaps second only to smartphones, the most universal connectivity devices in the home are internet broadband routers. These act as the gateways to whichever ISP network we subscribe to and are necessary for successful signal distribution, making them attractive targets for cyber-criminals.
“Poorly configured or managed internet broadband routers could be the biggest cyber-risk targets locally. We know from experience that unsecured routers can easily fall prey to cyber-attacks”, says Teddy Njoroge, Country Manager for Internet Security company ESET East Africa.
In November, as many as 900,000 Deutsche Telekom customers in Germany were taken offline over a two-day period, as cyber-criminals attempted to deliver a huge Distributed Denial of Service (DDoS) attack by hijacking the ISP’s internet broadband routers into a botnet.
A DDoS attack occurs when cyber-criminals access and commandeer devices, networks and systems into a group of connected and coordinated computers (a botnet) for malicious purposes, such as driving immense traffic (requests for service) towards a targeted site to the extent of causing a temporary or permanent collapse (denial) of service.
In this instance, the attack could fool the vulnerable routers into downloading and executing malicious code. The aim was to crash or exploit them through commands to change settings, steal Wi-Fi credentials, or bombard target websites with unwanted traffic.
The Deutsche Telekom attack was only thwarted when users were advised to switch off their devices and download newly released firmware updates to patch the exploits. Since the router is the frontline gateway to your network, it is important to take extra precautions during setup and configuration.
The key best practice in safeguarding against attacks is carrying out regular updates for your router and IoT devices. These provide patches from manufacturers that take care of any potential vulnerabilities.
Ensuring your router is well configured and not relying on the default manufacturer settings such as usernames and passwords could help curb this menace.
“Failure to change these is a huge risk since default login details can be hacked online, allowing cyber-criminals to take over your connected devices. Always change and provide strong passwords with a mix of upper case, lower case, numbers and special characters for all your devices as necessary”, says Njoroge.
Related to this is the need to set a strong password for your Wi-Fi connection. If the connection is also supported by encryption, your security against potential attacks is better still. Passwords should only be accessible to the authorized people using the connection.
Passwords should be reset regularly, and this also applies to the Access Point (AP) credentials. It is good practice to change the name of your AP to make it difficult for hackers to easily identify who it belongs to, or what router is providing the service.
Another weak spot is the Remote Management function. Ensure this feature is only turned on when you are certain that you are accessing a safe internet connection. Also disable the Universal Plug and Play (UPnP) feature, which is a weak point that can allow hackers access because it may bypass authentication.
Lastly, always do some research on routers before you buy so that you can identify those that give adequate consideration to security.