VPNFilter Botnet has Hacked 500,000 Routers

A few weeks ago, the United States Computer Emergency Readiness Team (US-CERT) issued an alert about state-supported Russian hackers carrying out attacks against a large number of home routers in the U.S.

This is a big deal, so pay attention. When your router is compromised, a hacker can inflict damage, not just on the router itself, but on every connected device running on your network.

The FBI issued a report recommending that everyone reboot their routers after researchers from Cisco’s Talos Intelligence Group discovered a malware threat called VPNFilter.


This malware has the ability to watch the traffic that is moving through the router – stealing data, executing commands, blocking network traffic, and even “bricking” the device. Once a device is “bricked” it can’t be recovered and is forever unusable.

“Quite anything is possible, this attack basically sets up a hidden network to allow an actor to attack the world from a stance that makes attribution quite difficult.” – Craig Williams, Talos’ director

If you’ve followed my blog for a while you already know I’m not a big fan of internet-connected appliances such as refrigerators and washing machines. Much of the technology seems redundant and I’m skeptical about compatibility issues and how many software updates might be available in the future. Now, after listening to a podcast from Cisco Talos, I have greater security concerns.


The bad guys are always forced to be more and more creative as their existing threats are discovered – leading them to hack more IoT devices – like your refrigerator, your thermostat or IP cameras.

The Talos guys – who are way smarter than me – researched simple devices that can be easily attacked. They found that most all of the manufacturers of these IoT devices don’t have the capability to write software updates or create patches. Many of these companies are making their products as cheaply as possible to turn a profit and then shortly after manufacturing, the “development team and tool chain is all gone and no one is left who knows how to do it.”

Unless you are taking the time to check each device or appliance’s logs, you simply won’t know if you’ve been hacked or infected.

Let’s say you get a daily message on WhatsApp from your dishwasher to let you know the cycle is over. Every day it seamlessly connects to Amazon’s EC2 cloud and sends you updates until one day it connects to a data center in Ukraine. That is when you need to worry. But how will you know? How much thought do you give to a dishwasher as long as your dishes come out clean?
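The dishwasher scenario above can be checked automatically by learning where each device normally connects and flagging anything new. The following is an added example, not part of the original post; it assumes your router can export a connection log, and the log format, device names and addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import date

# Constructed sample of router connection-log lines: date, device name, destination IP.
# The addresses are documentation ranges (RFC 5737), not real cloud or attacker hosts.
SAMPLE_LOG = """\
2018-06-01 dishwasher 198.51.100.10
2018-06-02 dishwasher 198.51.100.27
2018-06-03 dishwasher 198.51.100.10
2018-06-03 thermostat 192.0.2.5
2018-06-04 thermostat 192.0.2.9
2018-06-08 dishwasher 198.51.100.31
2018-06-09 dishwasher 203.0.113.77
2018-06-09 thermostat 192.0.2.5
malformed line here
"""

def parse(log_text):
    """Yield (date, device, ip) tuples, skipping lines that do not parse."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield date.fromisoformat(parts[0]), parts[1], ipaddress.ip_address(parts[2])
        except ValueError:
            continue

def find_new_destinations(log_text, learn_days=7, prefix=24):
    """Learn each device's usual destination networks, then flag anything new."""
    first_seen = {}                  # device -> date of its first logged connection
    baseline = defaultdict(set)      # device -> networks seen while learning
    alerts = []
    for day, device, ip in sorted(parse(log_text), key=lambda r: r[0]):
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        start = first_seen.setdefault(device, day)
        if (day - start).days < learn_days:
            baseline[device].add(net)       # still learning: record, do not alert
        elif net not in baseline[device]:
            alerts.append((day.isoformat(), device, str(ip)))
            # not added to the baseline, so it keeps alerting until someone reviews it
    return alerts

if __name__ == "__main__":
    for day, device, ip in find_new_destinations(SAMPLE_LOG):
        print(f"{day}: {device} contacted unfamiliar address {ip}")
```

A device that is already compromised during the learning window will have its bad destinations learned as normal, so the baseline is only as trustworthy as the period it was built from.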


The good news is that there are “umbrella” products available to police your connections. These controls are referred to as endpoint security platforms (EPP) provided by managed security service providers (MSSPs).

What distinguishes endpoint security offerings from simple home computer protection is the idea that the security tools on the endpoints are managed centrally by corporate IT. The security measures run on two tiers: there are software agents that run in the background on endpoints, and a centralized endpoint security management system that monitors and controls the agents.


If you set up the proper access controls in the beginning, keeping track of your internet security will be easier.

To learn more about this threat and actions you can take today to secure your router, read this article. If your router is 15 years old, it’s best to buy a new one.

I’d like to see major appliance manufacturers start to address this with assurances to homeowners that they are offered smart appliances with the capability to perform troubleshooting activities themselves.

