Volume 8, issue 5

Analysis: do router security problems foreshadow IoT hacks?

2 June 2014
By Danny Bradbury
Share |
Anxious-looking male Internet user - has his home router been compromised?

What are the risks of poorly-configured home routers being hacked, made to communicate the wrong data, or to fail altogether?

Nothing is safe on the Internet, including your home router. That may already have been hacked – but if the world becomes as connected as companies are hoping, that could be the least of your worries.

In its June 2014 issue, E&T magazine looked at how enterprise and carrier-class routers are having to defend themselves against hackers and other malevolent online agents (see link below). If baddies gain access to those, they can execute a number of attacks, such as denial of service (DoS) attacks, or snagging network traffic. This is a great way to read, say, Cleartext emails as they pass over a network.

There are different levels of router. Large routers forklift vast amounts of traffic as it passes over the Internet, but there are also millions of home routers, bought off the shelf, and often poorly configured, if at all.

People have already hacked these poorly-protected routers on a large scale. One ‘researcher’ claimed to have installed a mini botnet on 420,000 home routers, producing a 9Tb map of the Internet. Another compromised four and a half million home routers in Brazil alone, changing their DNS records to send them to malicious websites when they tried to visit legitimate ones. From there, they were persuaded to install software on their home machines. The result: an instant botnet.

This is all calamitous enough; but now, consider how this might affect the Internet of Things. It’s a much-lauded concept, in which billions of devices become connected to the Internet, all of them communicating information about themselves and their environment.

Cars will tell central servers when their components are about to fail, and they will be able to tell other cars miles behind them about road blockages, for example. Combined heat and power boilers will communicate with each others’ building management systems and trade energy between each other in dynamically-managed markets. Street lamps will communicate air pollution data in vastly meshed networks. Shipping containers will monitor their contents for environment changes and inform retail outlets further down the supply chain. This is the utopian vision.

But what about the dystopian one, in which poorly-configured devices are hacked, and made to communicate the wrong information, or fail altogether?

If the Internet of Things becomes as crucial to our existence as the likes of Cisco want them to be, that makes the whole thing a foundation for our critical national infrastructure. That makes it a primary attack target for those wishing to disrupt it, for financial or strategic gain.

The problem with many of the tiny Internet of Things sensors that are about to be deployed is that they aren’t easily patched. They operate independently in the field, and may have a long life span but often aren’t designed to be updated. Manufacturers  do not have the incentive to and, even if they did, the technical challenge of updating a component in your car (or your Internet of Things-connected pacemaker) might prove daunting.

Deployment of the Internet of Things will soon be advancing, and it’s going to overshadow the router security problem by an order of magnitude. It’ll provide security companies with lots of fodder for finger-wagging reports – and nation states with a massive attack surface. And the scary likelihood is that until the first real cyberwar kicks off, we won’t even know that we’ve been hit.

More information:
Router vendors responding to growing attacks

Share |
Related forum discussions
forum comment To start a discussion topic about this article, please log in or register.    

Latest Issue

E&T cover image 1607

"As the dust settles after the referendum result, we consider what happens next. We also look forward to an international summer of sport."

E&T jobs

  • Control System Engineer

    United Utilities
    • Lancaster, Lancashire
    • Up to £33415 + Comprehensive Benefits

    Provide ICA maintenance and engineering support to the Water & Wastewater Production

    • Recruiter: United Utilities

    Apply for this job

  • Signal Processing Engineer

    B&W Group
    • Steyning, West Sussex
    • Competitive Salary

    We are looking for a Signal Processing Engineer to support the R&D process on active loudspeaker products.

    • Recruiter: B&W Group

    Apply for this job

  • Principal Mechanical & Electrical Engineer

    De Montfort University
    • Leicestershire
    • Grade G: £36,672 - £46,414 per annum

    Join the Projects Team to develop and manage medium to large projects on the university estate.

    • Recruiter: De Montfort University

    Apply for this job

  • Advanced Commissioning Engineer

    National Grid
    • Nottinghamshire, Nottingham, England
    • £46000 - £57000 per year

    National Grid is at the heart of energy in the UK. The electricity we provide gets the nation to work, powers schools and lights everyone's way home. Our energy network connects the nation, so it's essential that it's continually evolving, advancing and i

    • Recruiter: National Grid

    Apply for this job

  • Electrical Design Engineer

    Oxford Instruments
    • Yatton, Bristol
    • Competitive salary plus excellent benefits

    We are looking for an electrical designer to join our engineering design team.

    • Recruiter: Oxford Instruments

    Apply for this job

  • Skilled Electrical Fitter

    MBDA
    • Bolton
    • Competitive Salary & Benefits

    What?s the opportunity?   The Electrical Fitter will carry out manufacturing and test tasks within the electrical department in accordance with product certification procedures, defined workmanship  ...

    • Recruiter: MBDA

    Apply for this job

  • Electrical Manufacturing Technician

    MBDA
    • Stevenage
    • Competitive Salary & Benefits

    What?s the opportunity?   As a qualified craftsman with experience in electrical manufacturing, the Manufacturing Technician will report to a Team Leader, receiving day to day ...

    • Recruiter: MBDA

    Apply for this job

  • Consultant Engineer (Electrical Power)

    BAE Systems
    • Cumbria, Barrow-In-Furness, England
    • Negotiable

    Consultant Engineer (Electrical Power) Would you like to play a key role in providing technical direction to the design of power systems on the Successor class submarines, which will replace the current Trident-equipped Vanguard class, currently in servic

    • Recruiter: BAE Systems

    Apply for this job

  • Electrician

    The Bristol Port Company
    • City of Bristol
    • C. £31,729 per annum plus supplements, benefits and overtime

    You’re a good team worker with a strong technical capacity – so bring your talents to a new role with one of the area’s leading employers.

    • Recruiter: The Bristol Port Company

    Apply for this job

  • Supply Restoration Team Manager (HV/SAP)

    SSE
    • Oxford, Oxfordshire
    • Salary: £37,588 to £49,645 + Car (SSE8) Depending on skills and experience

    SSE is looking to recruit a Supply Restoration Team Manager to join our existing team in Oxford.

    • Recruiter: SSE

    Apply for this job

More jobs ▶

Subscribe

Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T