Time to Change the Router Password
Recently, security researchers discovered a method of hacking that involves the hijacking of routers from homes and small offices. Apparently, hackers have discovered how to gain remote administrative control over routers with poor security and devices with default, factory-given passwords. Attackers are using botnets to gain control of these routers, and from there using the routers to overpower websites that can’t handle large amounts of traffic.
Researchers at Incapsula, a DDoS-protection firm, say that the attacks have been going on for a few months now and they are not slowing down. Incapsula recorded attacks from 40,269 IP belonging to 1,600 ISPs- all from different places in the world and all within the last 4 months. This large number of attacks is all due to the poor design of computer equipment and users who have little to no experience with technology. But it isn’t completely the inexperienced user’s fault, as some manufacturers create their routers in a way that sets them up for this sort of manipulation. Many routers are given the same exact administrator username and password, and many times remote administration is set to default. Users of these routers receive no warning that would alert them about the importance of changing the factory-given password and other default settings.
These exploited routers are not a new form of hacking. Many manufacturers are known to be vulnerable to this sort of attack, such as Linksys, Asus, D-Link, Micronet, Tenda, and TP-Link. Incapsula, the aforementioned DDoS-protection firm, has contacted some of these companies. Some of the evidence Incapsula has collected connects the router attacks with a group known as “Lizard Squad,” a group that once used routers to hack into Sony and Microsoft’s game system networks.
While DDoS attacks are bad, they are not the only type of hacking that results from unprotected routers. Compromised routers also allow for the interception of communications within home networks or small business networks. This being said, the best solution as of now is for router owners to ensure that their personal or business routers are no longer on the default password and settings. Passwords should be as strong as possible, and firmware should be kept updated in order to prevent more routers from joining this self-sustaining botnet.