Security issues in ADSL and other routers

I’ve never been a fan of using ADSL/Wifi routers as the main firewall for a network (which unfortunately ends up being the case for most home users). These are devices built to the cheapest price, using the cheapest software development, and there are generally very few (if any) security updates for them. Even when firmware updates are available, end-users tend not to apply them, either through ignorance or lack of skill.

There are many vulnerabilities relating to ADSL/Wireless routers in the wild, often causing havoc with DNS and other systems. The latest bug relates to open DNS proxies on routers resulting in a 24-million router DNS denial of service attack on ISPs.

A backdoor in some Linksys and Netgear wireless routers that allows malicious users to reset the devices’ configuration to factory settings and, therefore, to default router administration username and password, has been discovered and its existence shared with the world.

Another is RBrute, a Wifi-hacking trojan that infects Wifi routers and then distributes the Sality malware family, which can subsequently infect Windows systems with web/DNS redirection, remote access, information theft, rootkit capabilities, disabling of firewalls/AV and downloading of additional malware. The list goes on and on. This stuff is nasty to say the least.

This doesn’t stop at low-end routers like TP-Link, Netgear and Dlink – others like Linksys and Belkin are also often targeted. The main problems with these routers come in 2 areas:

1. mis-configuration

2. software issues

The mis-configuration issue can be laid at both the end-users’ and the manufacturers’ doors. First, end-users aren’t always skilled enough to configure these systems properly. Second, manufacturers often add extra accounts to routers that aren’t normally used and that end-users are unaware of. These then present back-doors for malware and attackers to misuse.

The quality of software development in these systems is very low, resulting in all sorts of vulnerabilities, from cross-site scripting issues to DNS amplification attacks. Manufacturers also tend to update their routers very seldom (if at all), resulting in the bulk of routers out there having some issue or other.

If you are going to use an ADSL/Wifi router, then make sure you update its firmware to the latest available, and close or change the passwords for any accounts on the unit. Better yet, you should put the unit into bridge mode and use a proper firewall for your protection.
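
A check for the open DNS proxy problem mentioned above, as an added example that is not from the original post: run from a network outside your own, it sends one DNS query to your own router's WAN address and reports whether the router resolves names for outsiders. The function names, result labels and sample responses are constructed for illustration.

```python
import socket
import struct
import sys

def build_query(name="example.com", txid=0x1234):
    """Build a minimal recursive (RD=1) A-record query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return txid, header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, txid):
    """Return 'open-proxy', 'answers-no-recursion' or 'invalid' for a raw DNS reply."""
    if len(data) < 12:
        return "invalid"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:      # wrong transaction ID or QR bit not set
        return "invalid"
    recursion_available = bool(flags & 0x0080)  # RA bit
    rcode = flags & 0x000F                      # 0 = NOERROR, 5 = REFUSED
    if recursion_available and rcode == 0 and ancount > 0:
        return "open-proxy"                     # router resolved the name for an outsider
    return "answers-no-recursion"

def probe(wan_ip, timeout=3.0):
    """Send one query to the router's WAN address (assumed to be your own device)."""
    txid, query = build_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (wan_ip, 53))
            data, _ = s.recvfrom(512)
        except OSError:                         # timeout or ICMP unreachable
            return "no-response"                # desired: port 53 closed on the WAN side
    return classify_response(data, txid)

# Constructed sample reply headers (not captured traffic), used to exercise the classifier.
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)     # RA=1, NOERROR, 1 answer
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # RA=0, REFUSED

if __name__ == "__main__":
    print(probe(sys.argv[1]))
```

A result of `no-response` or `answers-no-recursion` is what you want to see; `open-proxy` means the DNS service should be disabled or firewalled on the WAN interface.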