Looking for B2B E-Commerce Leads? The E-Commerce Times Offers a 100% Satisfaction Guarantee Request Info




Posted By:  ECT News Network on 02/22/2018 in Security

How That WiFi Router Can Put Your Business at Risk

How That WiFi Router Can Put Your Business at Risk

Most WiFi router vendors have not patched numerous firmware vulnerabilities discovered more than two years ago, according to a report Insignary released this month, LinuxInsider reports.

OEM firmware built into WiFi routers use open source components that contain numerous known security vulnerabilities that can be exploited by hackers, it notes.

Insignary, a startup security firm based in South Korea, conducted comprehensive binary code scans for known security vulnerabilities in WiFi routers. The company conducted scans across a spectrum of the firmware used by the most popular home, small and mid-sized business and enterprise-class WiFi routers.

Although KRACK may be the newest and potentially most harmful WPA2 security vulnerability, router firmware vulnerabilities are far more extensive and dangerous, based on the firm's findings.

"While KRACK WPA2 is the latest WiFi security vulnerability, it appears to be just the tip of the iceberg, compared to what currently exists in router firmware," said Tae-Jin Kang, CEO of Insignary.

The company has been monitoring WiFi router issues since the infamous botnet attack in the fall of 2015 brought down the Internet for a couple of days. Many of the vulnerabilities Insignary found in 2016 were present in scans performed last year.

"This is distressing. Many vendors continued to ignore problems that could easily be fixed. These are devices that we use on a daily basis," Kang told LinuxInsider.

Why the Linux OS is at Risk

The 2015 attack was carried out not by zombie PCs but by 300,000 compromised IoT devices. People had theorized about the possibility of such an attack, and that incident proved it could be done, said Kang.

"So we decided it was time to raise awareness. This is a serious problem. We are talking about well-known security issues that still exist in the routers. These devices can be compromised in many ways. WiFi devices are pervasive," he warned.

The threat is specific to IoT devices rather than to computers and other mobile devices. However, the Linux operating system also may be in the crosshairs because so many variations of Linux distributions prevent a centralized patch deployment solution, Kang explained.

Windows 10 and the macOS have addressed the security issues to neutralize the router vulnerabilities. An important factor in their doing so is that those OSes are not open source, he said.

"I'm not saying that open source itself is inherently less secure, Kang emphasized. "The Linux community has done a very good job of responding to security issues. The problem is that even with rapid updating of patches, the distribution process is decentralized and fragmented with the Linux OS."

How the Study was Done

Insignary conducted the scans during the last two weeks of November 2017. Its research and development team scanned 32 pieces of WiFi router firmware offered in the U.S., Europe and Asia by more than 10 of the most popular home, SMB and enterprise-class WiFi router manufacturers: Asus, Belkin, Buffalo, Cisco, D-Link, EFM, Huawei, Linksys, Netis and TP-Link.

The researchers used a specialized tool Insignary developed to scan the firmware. They also leveraged Clarity, a security solution that enables proactive scanning of software binaries for known, preventable security vulnerabilities, and identifies license compliance issues.

Clarity uses a unique fingerprint-based technology. It works on the binary-level without the need for source code or reverse engineering. Clarity compares the scan results against more than 180,000 known vulnerabilities based on the fingerprints collected from open source components in numerous open source repositories.

Once a component and its version are identified through Clarity's fingerprint-based matching using numerous databases such as NVD and VulnDB. Clarity adds enterprise support, "fuzzy matching" of binary code, and support for automation servers like Jenkins.

Open Source Vulnerabilities

The WiFi router firmware sold by the top manufacturers contained versions of open source components with security vulnerabilities, the binary scans indicated. Most models' firmware contained "Severity High" and "Severity Middle" security vulnerabilities. This means that the deployed products and firmware updates remained vulnerable to potential security threats.

A majority of the models' firmware made use of open source components with more than 10 "Severity High" security vulnerabilities, based on the examination.

Half of the firmware used open source components containing "Severity Critical" security vulnerabilities, according to researchers.

The report lists the following "Severity Critical" security vulnerabilities found in open source firmware components:

  • WPA2 (KRACK) -- Key reinstallation attack;
  • ffmpeg -- Denial of Service;
  • openssl -- DoS, buffer overflow and remote code execution;
  • Samba -- Remote code execution.

In many cases, router vendors evidently have not made use of the correct, up-to-date versions of the affected software components, the researchers concluded.

Unnecessary Risks 

"Vendors rarely support and update routers after the first two years at most," noted Brian Knopf, senior director of security research and IoT architect at Neustar.

Two more reasons make the report findings noteworthy, he told LinuxInsider. One, router manufacturers spend very little money on security because they tend to dislike cutting into their already-slim margins.

Also, many routers require customers to check for updates. This has been changed on some newer routers, but there are millions of old routers in use by consumers, which can be validated by some simple Shodan queries, Knopf said.

"Device vendors not performing updates is definitely an unnecessary risk," said Justin Yackoski, CTO of Cryptonite.

Doing it right is non-trivial, and businesses and consumers need to look at the history of updates for a vendor before they make a purchase," he told LinuxInsider.

However, price often wins out, Yackoski added, leaving it up to the FCC, DHS or an act of Congress to force the ultimate solution on router makers.

OpenSSL 

All of the firmware leveraged Busybox and Samba by default, the report shows. More than 60 percent used OpenSSL.

Significant security issues arise from OpenSSL. That should prompt vendors to apply the latest patches consistently or use the version of the software that contains the fix, the researchers maintained.

Much of the firmware did not utilize the correct, most up-to-date versions of the OSS components available, the study revealed.

Vendor Responsibilities

The open source community has created new versions of the components to address all of the previously listed security vulnerabilities. Vendors can employ these versions to prevent data breaches and resulting litigation that can cause significant corporate losses, according to Insignary.

During discussions with various vendors, Insignary encountered one manufacturer that expressed a preference to apply patches manually, line by line. While that method may work, it is still recommended that firmware developers scan their binaries to ensure that they catch and address all known security vulnerabilities.

Insignary's findings suggest two possibilities for the failure to use the correct component version by WiFi router vendors: 1) the home, SMB and enterprise-class router vendors did not consider the vulnerabilities worth addressing; 2) they did not use a system that accurately finds and reports known security vulnerabilities in their firmware.

Unpatched Router Firmware

Business and home users remain at risk even if they do not run the Linux desktop or server. Compromised WiFi routers provide hackers with a malicious way to takeover network equipment. It is a critical issue, said Andrew McDonnell, president of AsTech.

"In addition to potentially becoming part of a botnet, the router also grants attackers a beachhead in your environment. They can surreptitiously disrupt or intercept communication along with using it as a launch point to attack other systems on the internal network," he told LinuxInsider.

Unpatched router firmware is a very serious security issue that opens up vulnerable routers to various nefarious motives, noted Louis Creager, IoT security analyst at Zvelo.

Besides attracting botnets for purposes like DDoS attacks and spam campaigns, it can compromise sensitive user information going through the router.

"Home users and business owners could see their IP addresses end up on lists of known botnet traffic, which can impact their everyday browsing activity as websites and online services block traffic from these sources," Creager told LinuxInsider.

OEMs Must Allocate Resources

The patching process depends on who builds the device, where the vulnerability exists, and who is responsible for the fix, noted Neustar's Knopf.

Then vendors have to get the SDK for the chipset from the chipset vendor (Intel, Qualcomm, Broadcom, etc.) and add their own Board Support Package utilities, which are the drivers for the chipset, to program the router and the tools used to validate the devices, he added.

"OEMs need to allocate resources to at least maintain awareness of newly discovered vulnerabilities in their systems and then issue updated firmware," said AsTech's McDonnell. "It's also essential to make clear to users that the updates are available so that they are applied."

If there is a known vulnerability, the end user really can't do much. The best option would probably be to flash the router with an open source firmware such as DDWRT, OpenWRT or LEDE, he suggested.

"While open source firmware versions are never going to be perfect," McDonnell acknowledged, "there is a whole community who maintains and fixes issues."

Jack Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software. Email Jack.


About the Experts

Insignary specializes in open source software, compliance and security. The company is based in South Korea.


Neustar provides real-time information and analytics for the Internet, telecommunications, entertainment, and marketing industries. It also provides clearinghouse and directory services to the global communications and Internet industries.


Cryptonite provides moving target cyber defense. Its products and services help networks to actively shield themselves from cyberattacks by preventing all attacker reconnaissance and lateral movement. The company's customer base includes leading commercial and government customers around the world.


AsTech is a cyber-risk management firm dedicated to helping organizations discover and remediate vulnerabilities to secure critical information assets. The company helps mitigate risk by offering a suite of cybersecurity services, which includes deep technical expertise in building highly effective security programs that empower development teams to employ strong, security coding practices throughout SDLC.


Zvelo provides content, contextual and malicious datasets that power the market’s leading Ad Tech, Information Security and Subscriber Analytics vendors for applications including web filtering, brand safety, traffic quality analysis, contextual targeting, subscriber analytics and ad fraud prevention.



Related Articles


Posted By: 

ECT News Network

Show Phone Number
818.461.9700
View Profile

Member since 06/10/2017

Contact ECT News Network

Search Blog Articles

Get the ALL EC Newsletter