An update to my post from last week regarding vulnerabilities in WiFi access points …
Team Cymru, a non-profit security research organization, recently reported that some TP-Link wireless routers had been compromised in such a way as to redirect the DNS (Domain Name System) requests to a couple of suspicious IP addresses.
Without going into the technical details of what this means the effect would be that a hacker could reroute traffic from those home networks to a destination of his choosing. In other words, a user types “www. google.com” into their browser and ends up instead at “www.hacked-google.com” or some such. Scary stuff since we all depend on the DNS to get us to the correct web sites, connect to our email and so forth.
Team Cymru then updated their findings this week to reveal that they have identified more than 300,000 such home routers that have been compromised and the list includes not only TP-Link models but also those from D-Link, Micronet, Tenda and more.
My previous post focused on Linksys equipment so, as you can see, the larger problem of vulnerable WiFi access points and routers runs across the various manufacturers. In other words, don’t think you’re safe just because your particular make and model hasn’t been explicitly listed so far. It’s probably just a matter of time.
So now that we know the risk is real and not just theoretical, what should you do? Here’s some good advice from Team Cymru as summarized by PC World:
“Team Cymru researchers advise users to disable remote management over the Internet on their routers and to keep their firmware up to date. If remote administration is absolutely necessary, steps should be taken to restrict remote access to only particular IP addresses. Other recommendations include: changing the default passwords, not using the default IP address ranges for a LAN, logging out every time after accessing the router interface, checking the router’s DNS settings frequently to ensure they haven’t been modified, and using SSL (Secure Sockets Layer) to access the router’s Web interface if the option is available.”
Hopefully, one day all our routers and access points will be able to securely patch themselves as we have done with Windows, OS X and others, but until that happens, you now at least know what to do.
A quick “heads up” that I will be presenting on the topic of Social Media Threats on Friday, March 7, at the Delaware Valley Chapter of the Information Systems Security Association. Here’s a link for more info:
Also, I’ll be presenting on Access Management and Federated Identity Management on Thursday, March 20, at the Harrisburg (PA) Chapter of ISACA (previously known as Information Systems Audit and Control Association). Link below:
Inside Internet Security 