How secure is your ADSL modem?

Electron1

In Brazil hundreds of thousands of ADSL modems have been compromised by using a Broadcom chipset firmware vulnerability to extract the modem's password, then change the DNS settings to redirect to compromised DNS servers to allow for harvesting of banking details using compromised websites.

Pity no mention is made of Brands / Models affected.

http://www.securelist.com/en/blog/208193852/The_tale_of_one_thousand_and_one_DSL_modems

This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems.

We will show how cybercriminals exploited an under-the-radar vulnerability which affected thousands of outdated DSL modems across the country. This enabled the attack to reach network devices belonging to millions of individual and business users, spreading malware and engineering malicious redirects over the course of several months. The scenario was fuelled by the widespread neglect of ISPs, blunders from hardware manufacturers, under-educated users and official apathy.

Even if you have a strong password configured on the device, the flaw allows an attacker to access the control panel, capture the password, log into the device and make changes.

In March 2012 CERT Brazil recorded a total of 300,000 modems still compromised by attackers.

The main goal of the attackers, as is always the case in Brazilian cybercrime, was to steal banking credentials of victims. They will stop at nothing to achieve this goal, directing victims to fake banking pages or promoting the installation of malware by creating copies of popular sites like Google, Facebook and Orkut.
 
Just read the Sophos article (the last link I posted above).

Reasons why routers can be exposed to security threats
So, why is it that routers are seemingly so vulnerable? It turns out there are a few possible explanations.

Poor patching. Despite exploits against a wide range of network devices, modems and routers being publicly available on the internet - some manufacturers have chosen to largely ignore the problem.

That means that even if you want to patch your DSL router against a known security vulnerability, a fix may not be available for you.

Default passwords. In some cases, a vulnerability may not even be needed. For instance, if a device uses a known default password, a malicious hacker does not have to go to any effort to bypass the device's authentication.



Lack of user awareness. Users of network devices may not be aware that it is necessary to keep them up-to-date with security patches, or that patches are available.

Non-standard update model. The method by which devices are updated can vary from manufacturer to manufacturer, making it more complex for the user.

"Massive attacks are real and here to stay"
Fabio Assolini says that there are a number of groups who could carry a proportion of the blame, aside from the hackers themselves.

According to Assolini, security researchers need to be more proactive in reporting flaws related to routers, ADSL modems and other network devices to prevent them from being exploited by malicious hackers. And, of course, the manufacturers have to be responsive.

ISPs are guilty too, says the Kaspersky analyst. He says that it is common for Brazilian ISPs to lend their customers old and vulnerable network devices, and that this is probably happening in other parts of the world too.

And, says the security researcher, governments may not be doing enough. Assolini claims that ANATEL, Brazil's national agency for telecommunications, approves internet hardware before it can be sold, but it does not verify the security of devices - only standard functionality.

What's the chance that ICASA do a security check on a modem before certifying it?
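
An added example, not part of the posts above or of the quoted articles: a check a user or helpdesk could run on a PC behind the modem to spot the DNS change described in this thread. It assumes the PC stores the DHCP-assigned resolvers in resolv.conf-style text; all addresses, host names and the approved list are constructed sample values.

```python
import ipaddress

# Constructed sample data (documentation address ranges, hypothetical names).
RESOLV_CONF = """\
# handed out by the modem's DHCP server
nameserver 203.0.113.66
nameserver 198.51.100.53   # ISP resolver
"""
APPROVED_RESOLVERS = ["192.168.1.1/32", "198.51.100.53/32"]
EXPECTED_NETWORKS = {"bank.example": ["192.0.2.0/24"]}
OBSERVED_ANSWERS = {"bank.example": ["203.0.113.80"], "news.example": ["198.51.100.7"]}


def parse_resolvers(resolv_conf):
    """Return the nameserver IPs from resolv.conf-style text, skipping comments."""
    resolvers = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            resolvers.append(str(ipaddress.ip_address(fields[1])))
    return resolvers


def in_any(ip, networks):
    """True if ip falls inside at least one of the CIDR networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in networks)


def audit(resolv_conf, approved, observed, expected):
    """List (kind, detail) findings for resolver drift and off-network answers."""
    findings = []
    for ns in parse_resolvers(resolv_conf):
        if not in_any(ns, approved):
            findings.append(("unapproved-resolver", ns))
    # Only names with a pinned network are judged; CDN-hosted sites vary too much.
    for name in sorted(expected):
        for ip in observed.get(name, []):
            if not in_any(ip, expected[name]):
                findings.append(("unexpected-answer", name + " -> " + ip))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(RESOLV_CONF, APPROVED_RESOLVERS,
                              OBSERVED_ANSWERS, EXPECTED_NETWORKS):
        print(kind, detail)
```

An unapproved resolver on a PC that takes its settings from the modem is a reason to log into the modem and compare its DNS fields with what the ISP publishes.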