Volume 8, issue 5

Analysis: do router security problems foreshadow IoT hacks?

2 June 2014
By Danny Bradbury
Share |
Anxious-looking male Internet user - has his home router been compromised?

What are the risks of poorly-configured home routers being hacked, made to communicate the wrong data, or to fail altogether?

Nothing is safe on the Internet, including your home router. That may already have been hacked – but if the world becomes as connected as companies are hoping, that could be the least of your worries.

In its June 2014 issue, E&T magazine looked at how enterprise and carrier-class routers are having to defend themselves against hackers and other malevolent online agents (see link below). If baddies gain access to those, they can execute a number of attacks, such as denial of service (DoS) attacks, or snagging network traffic. This is a great way to read, say, Cleartext emails as they pass over a network.

There are different levels of router. Large routers forklift vast amounts of traffic as it passes over the Internet, but there are also millions of home routers, bought off the shelf, and often poorly configured, if at all.

People have already hacked these poorly-protected routers on a large scale. One ‘researcher’ claimed to have installed a mini botnet on 420,000 home routers, producing a 9Tb map of the Internet. Another compromised four and a half million home routers in Brazil alone, changing their DNS records to send them to malicious websites when they tried to visit legitimate ones. From there, they were persuaded to install software on their home machines. The result: an instant botnet.

This is all calamitous enough; but now, consider how this might affect the Internet of Things. It’s a much-lauded concept, in which billions of devices become connected to the Internet, all of them communicating information about themselves and their environment.

Cars will tell central servers when their components are about to fail, and they will be able to tell other cars miles behind them about road blockages, for example. Combined heat and power boilers will communicate with each others’ building management systems and trade energy between each other in dynamically-managed markets. Street lamps will communicate air pollution data in vastly meshed networks. Shipping containers will monitor their contents for environment changes and inform retail outlets further down the supply chain. This is the utopian vision.

But what about the dystopian one, in which poorly-configured devices are hacked, and made to communicate the wrong information, or fail altogether?

If the Internet of Things becomes as crucial to our existence as the likes of Cisco want them to be, that makes the whole thing a foundation for our critical national infrastructure. That makes it a primary attack target for those wishing to disrupt it, for financial or strategic gain.

The problem with many of the tiny Internet of Things sensors that are about to be deployed is that they aren’t easily patched. They operate independently in the field, and may have a long life span but often aren’t designed to be updated. Manufacturers  do not have the incentive to and, even if they did, the technical challenge of updating a component in your car (or your Internet of Things-connected pacemaker) might prove daunting.

Deployment of the Internet of Things will soon be advancing, and it’s going to overshadow the router security problem by an order of magnitude. It’ll provide security companies with lots of fodder for finger-wagging reports – and nation states with a massive attack surface. And the scary likelihood is that until the first real cyberwar kicks off, we won’t even know that we’ve been hit.

More information:
Router vendors responding to growing attacks

Share |
Related forum discussions
forum comment To start a discussion topic about this article, please log in or register.    

Latest Issue

E&T cover image 1606

"Where would Frankenstein and his creative mind fit into today's workplace? Should we fear technological developments or embrace them?"

E&T jobs

  • Graduate Electrical Engineers

    AECOM
    • United Kingdom and Ireland
    • Competitive

    Due to the diverse nature of our business there are many different teams each with very different responsibilities.

    • Recruiter: AECOM

    Apply for this job

  • Network Innovation Engineer / Analyst - UK Power Sector

    Premium job

    Nortech Management Ltd
    • Birmingham, West Midlands or Pershore (Worcestershire)
    • £30,000 - £35,000 (depending on experience) + benefits

    Network Innovation Engineer / Analyst to join a team of talented technology enthusiasts who design and support the low carbon networks of the future.

    • Recruiter: Nortech Management Ltd

    Apply for this job

  • Electrical Engineer with Strong telecoms background

    Premium job

    Sure South Atlantic Ltd
    • Falkland Islands

    Sure South Atlantic Ltd currently has a unique engineering opportunity in their Falkland Islands office. Surrounded by the Atlantic Ocean, teeming ...

    • Recruiter: Sure South Atlantic Ltd

    Apply for this job

  • Cyber, Communication, Information and Data Scientist roles

    Premium job

    Dstl
    • Porton Down, Salisbury
    • Competitive salaries

    Information is everything. Use it to serve your country and help keep us safe.

    • Recruiter: Dstl

    Apply for this job

  • Production Engineer

    Premium job

    Compact Engineering
    • Thirsk / Leeds / Banbury / Colchester / Cambridge
    • Salary will be competitive and commensurate with experience, knowledge, aptitude and capability

    A Production Engineer with some knowledge and understanding of radiant energy transfer.

    • Recruiter: Compact Engineering

    Apply for this job

  • Electronics Engineer

    Premium job

    Nikon Metrology Europe
    • Tring, Hertfordshire

    Nikon Metrology is looking for an Electronics Engineer to join our Electronics Team based in Tring (UK).

    • Recruiter: Nikon Metrology Europe

    Apply for this job

  • Engineering Manager

    BAE Systems
    • Hampshire, England, Portsmouth
    • Competitive package

    Would you like to play a vital role in managing and implementing the correct governance in order to enable BAE Systems to provide assurance and integrity of supply chain data? We currently have a vacancy for an Engineering Manager - Product Integrity

    • Recruiter: BAE Systems

    Apply for this job

  • Engineering Project Manager - Electrical & Automation

    Nestle
    • York, North Yorkshire
    • c£45,000 + Car Allowance + Bonus + Excellent Benefits

    Nestlé Product Technology Centre in York currently has an excellent opportunity for an Engineering Project Manager

    • Recruiter: Nestle

    Apply for this job

  • Consultant Engineer - Test

    BAE Systems
    • Farnborough, Hampshire, England
    • Negotiable

    Consultant Engineer - Test Would you like to be a lead within an exciting team working on one of the UK's largest defence projects? We currently have a vacancy for a Consultant Engineer - Test at our site in Ash Vale. As a Consultant Engineer - Test, you

    • Recruiter: BAE Systems

    Apply for this job

  • ELECTRICAL PROJECT ENGINEER

    SSE
    • Reading, Berkshire
    • SALARY: £37,588 TO £55,669 + CAR (SSE8/9), DEPENDING ON SKILLS AND EXPERIENCE

    SSE are looking to recruit an Electrical Project Engineer into office in Reading

    • Recruiter: SSE

    Apply for this job

More jobs ▶

Subscribe

Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T