An update to my post from last week regarding vulnerabilities in WiFi access points …
Team Cymru, a non-profit security research organization, recently reported that some TP-Link wireless routers had been compromised in such a way as to redirect the DNS (Domain Name System) requests to a couple of suspicious IP addresses.
Without going into the technical details of what this means the effect would be that a hacker could reroute traffic from those home networks to a destination of his choosing. In other words, a user types “www. google.com” into their browser and ends up instead at “www.hacked-google.com” or some such. Scary stuff since we all depend on the DNS to get us to the correct web sites, connect to our email and so forth.
Team Cymru then updated their findings this week to reveal that they have identified more than 300,000 such home routers that have been compromised and the list includes not only TP-Link models but also those from D-Link, Micronet, Tenda and more.
My previous post focused on Linksys equipment so, as you can see, the larger problem of vulnerable WiFi access points and routers runs across the various manufacturers. In other words, don’t think you’re safe just because your particular make and model hasn’t been explicitly listed so far. It’s probably just a matter of time.
So now that we know the risk is real and not just theoretical, what should you do? Here’s some good advice from Team Cymru as summarized by PC World:
“Team Cymru researchers advise users to disable remote management over the Internet on their routers and to keep their firmware up to date. If remote administration is absolutely necessary, steps should be taken to restrict remote access to only particular IP addresses. Other recommendations include: changing the default passwords, not using the default IP address ranges for a LAN, logging out every time after accessing the router interface, checking the router’s DNS settings frequently to ensure they haven’t been modified, and using SSL (Secure Sockets Layer) to access the router’s Web interface if the option is available.”
Hopefully, one day all our routers and access points will be able to securely patch themselves as we have done with Windows, OS X and others, but until that happens, you now at least know what to do.
Windows users learned (the hard way) a long time ago that their PC could be infected with viruses, Trojan horses, worms and the like without their knowledge. Anti-virus vendors have made a mint off of capitalizing on the concerns that grew from that basic fact. Eventually, Microsoft decided it was in their best interest to make available free security tools that could help limit the threat and mitigate some of the PR hits their brand kept taking with each new outbreak of malware.
As discussed in this blog before, there is nothing about Linux, UNIX or OS X that makes those platforms inherently immune to virus attacks either, although, the sheer number of known malware instantiations is lower. Mobile devices, which are, after all, nothing more than miniaturized computers that also happen to have built-in cameras, MP3 players and telephony features are vulnerable as well. In fact, the first mobile malware was first spotted 10 years ago, if you can believe it. Clearly, none of this is a new problem.
Well, guess what? You know that WiFi access point you installed in your home a few years back or the ones you never see but freely use at the local coffee shop could be infected as well? How about the possibility that the wireless in your doctor’s office waiting area is as sick as the patients sitting next to you?
Yep, malware for WiFi is the latest unfortunate turn of the technological crank and, once again, we shouldn’t be surprised. Routers and access points are, after all, just special purpose computers and, in most cases, ones that have never been patched since the day they were installed.
One recent study found that:
Using the top 50 selling home routers for sale on Amazon, the firm detected software vulnerabilities in three quarters with a third of these having publically documented flaws open for any attacker to exploit. Common problems included vulnerable management interfaces and dodgy authentication.
So that’s 75% of the most popular devices are vulnerable. Great. But the hits just keep coming …
Researchers at the University of Liverpool have shown for the first time that WiFi networks can be infected with a virus that can move through densely populated areas as efficiently as the common cold spreads between humans.
The team designed and simulated an attack by a virus, called “Chameleon”, and found that not only could it spread quickly between homes and businesses, but it was able to avoid detection and identify the points at which WiFi access is least protected by encryption and passwords.
So let’s review…
I don’t know that WiFi access point anti-virus tools are waiting just around the corner. However, I do know that it would be a good idea to take another look at the access points you can control and review the security settings and update the firmware. Don’t say I didn’t warn you …
It’s been an interesting year in the world of IT security and privacy. It turns out that all the world’s spy agencies are, in fact, spying on each other. Shocking, right? OK, so they aren’t just spying on other spies but probably you and me as well to one degree or another. How much do they know? How long have they known it? How is the information being used?
I think the best answer is a quote from Tom Waits that predates this latest controversy but is quite apropos, nevertheless …
“The folks who know the truth aren’t talking. The ones who don’t have a clue, you can’t shut them up.”
In other words, don’t believe everything you hear because the people making the most noise tend to be those with the least actual information. At the risk of falling into that latter category I will suggest that the organizations that might know more about you than the TLAs (Three Letter Agencies) are the ones that we voluntarily give up our personal information to in exchange for free email, social media, cloud storage, navigation services, etc.
Along those lines comes a revelation that sits squarely between the uncomfortable intersection of security and convenience — your wifi passwords. If, for instance, you have an Android device you probably connect it to a wireless LAN on occasion. Unless you enjoy typing in long, complicated passwords on tiny keyboards, you probably opted to let the OS store this info for future use. For further convenience you probably allow Google to back up the settings on your phone since this makes recovery far easier when you get a new one. All very nice but …
This means that Google is storing all those “secret” passwords somewhere in their cloud. Who has access? How well is it secured? How could this information be used/abused? Now the heartburn begins…
I have no idea whether Google does a great job or a poor job of securing this data just like I have no idea how well credit card numbers and other sensitive information is being secured on systems for major retailers but I do know that at least in the case of the latter there have been some major breaches. We might not know about these failures were it not for legislation that requires public disclosure of such incidents and I suspect we wouldn’t necessarily know about similar compromises in social media, email and other Internet-based services.
And don’t make the mistake of thinking that a leak of wifi passwords would only affect a few home networks or that if you choose not to have your info backed up by Google or because you use an iPhone or no phone at all that you will be safe because all it takes is for one user — any user — of any wifi network you use to have saved and backed up this info for it to make everyone on that network at risk.
Just another reason why you should make sure that you use a good VPN or SSL connection, even when you think you are on a secure wifi network…