If ever there was a time to impress upon you the urgency of making sure your router and home network are as secure as possible, it is now.
Independent Security Evaluators of Baltimore have released a report indicating that some of the most popular routers are shockingly hackable. If your network is based around off-the-shelf routers like the Linksys WRT310Nv2, Netgear WNDR4700, Belkin N300 and N900, TP-Link WR1043N, or Verizon Actiontec’s, among others, anyone with LAN or WLAN access and nefarious intent can easily make your life miserable.
According to an article recently published by CNET, router hacks are “a small but growing segment of computer security threats.” And while it may be statistically unlikely that you end up the victim of a router hack, the information contained in the average person’s wireless network (credit card numbers, personal documents, e-mails) is worth fiercely protecting.
How Do the Hackers Do It?
The ISE (and CNET) pointed to three different methods of hacker attack. They are:
–Trivial attacks, the weakest of the three. These attacks are the least successful because they are launched with no credentials and no human interaction. Remote trivial attacks never work, but local trivia attacks (ones launched by someone connected to the network) work about 1/3 of the time.
–Unauthenticated attacks, which are only slightly more successful than trivial attacks. They also work about 1/3 of the time during local attacks, but can occasionally work remotely. They’re based around human interaction, such as “following a malicious link or browsing to an unsafe page, but do not require an active session or access to credentials.”
–Authenticated attacks, which are the most effective of all. In these cases, the attacker has access to the victim’s credentials, or the victim’s router has never been changed from it’s default credentials (some firmwares simply won’t allow the default usernames to be changed). Authenticated attacks almost always work.
The ISE tested these routers starting with an attack method called “cross-site request forgery”, which sends unauthorized commands from an otherwise trusted website. From there, as the ISE explained in an e-mail to CNET, things get a little more technical:
“After that, our standard attack was to reset the administrative password to a known value, or add a new administrator, and then enable remote management. Only when this was not possible (e.g., some routers require the old password as part of the request to change it) did we try other attacks. Those included: shell command injection, directory traversal to share the root of the filesystem over an Internet-accessible ftp server, exploiting a race condition to upload shell scripts over ftp and then have them execute, enabling additional vulnerable services, and some more.”
Maybe you can parse that into understandable english; maybe not. Either way, the point is that these routers are not safe, and even if your router is not on the list of those tested by the ISE, it’s still worth taking all of the necessary precautions to keep your information and network secure.
How FlashRouters Can Help You
So your router is vulnerably; astoundingly so, even. What can you do?
According to CNET, there are basic steps that everyone should take – practice rudimentary, obvious caution when giving your information on the internet, make sure your router is properly set up – but that will only take you part of the way. Craig Heffner at Tactical Network Solutions offers this tip: “The best thing you can do is open a third-party firmware such as…Tomato.”
And wouldn’t you know it, FlashRouters just happens to offer routers flashed with Tomato firmware; the best available, in fact. Our routers come equipped with this high-quality firmware in order to ensure that A) you don’t end up bricking the router by going through the tricky process of trying to install this firmware and B) your router comes out the box ready to revolutionize your wireless network and stabilize your online security.
Some of our most popular Tomato routers include the Cisco Linksys E4200, which is one of the fastest personal-class routers available, turned into a beast when upgraded with Tomato firmware. Then of course, there’s the Dark Knight, the Asus RT-N66U Tomato FlashRouter, the superhero of our router line, one whose speed, power, and reliability make it the world-class router to beat.