Volume 8, issue 5

Analysis: do router security problems foreshadow IoT hacks?

2 June 2014
By Danny Bradbury
Share |
Anxious-looking male Internet user - has his home router been compromised?

What are the risks of poorly-configured home routers being hacked, made to communicate the wrong data, or to fail altogether?

Nothing is safe on the Internet, including your home router. That may already have been hacked – but if the world becomes as connected as companies are hoping, that could be the least of your worries.

In its June 2014 issue, E&T magazine looked at how enterprise and carrier-class routers are having to defend themselves against hackers and other malevolent online agents (see link below). If baddies gain access to those, they can execute a number of attacks, such as denial of service (DoS) attacks, or snagging network traffic. This is a great way to read, say, Cleartext emails as they pass over a network.

There are different levels of router. Large routers forklift vast amounts of traffic as it passes over the Internet, but there are also millions of home routers, bought off the shelf, and often poorly configured, if at all.

People have already hacked these poorly-protected routers on a large scale. One ‘researcher’ claimed to have installed a mini botnet on 420,000 home routers, producing a 9Tb map of the Internet. Another compromised four and a half million home routers in Brazil alone, changing their DNS records to send them to malicious websites when they tried to visit legitimate ones. From there, they were persuaded to install software on their home machines. The result: an instant botnet.

This is all calamitous enough; but now, consider how this might affect the Internet of Things. It’s a much-lauded concept, in which billions of devices become connected to the Internet, all of them communicating information about themselves and their environment.

Cars will tell central servers when their components are about to fail, and they will be able to tell other cars miles behind them about road blockages, for example. Combined heat and power boilers will communicate with each others’ building management systems and trade energy between each other in dynamically-managed markets. Street lamps will communicate air pollution data in vastly meshed networks. Shipping containers will monitor their contents for environment changes and inform retail outlets further down the supply chain. This is the utopian vision.

But what about the dystopian one, in which poorly-configured devices are hacked, and made to communicate the wrong information, or fail altogether?

If the Internet of Things becomes as crucial to our existence as the likes of Cisco want them to be, that makes the whole thing a foundation for our critical national infrastructure. That makes it a primary attack target for those wishing to disrupt it, for financial or strategic gain.

The problem with many of the tiny Internet of Things sensors that are about to be deployed is that they aren’t easily patched. They operate independently in the field, and may have a long life span but often aren’t designed to be updated. Manufacturers  do not have the incentive to and, even if they did, the technical challenge of updating a component in your car (or your Internet of Things-connected pacemaker) might prove daunting.

Deployment of the Internet of Things will soon be advancing, and it’s going to overshadow the router security problem by an order of magnitude. It’ll provide security companies with lots of fodder for finger-wagging reports – and nation states with a massive attack surface. And the scary likelihood is that until the first real cyberwar kicks off, we won’t even know that we’ve been hit.

More information:
Router vendors responding to growing attacks

Share |
Related forum discussions
forum comment To start a discussion topic about this article, please log in or register.    

Latest Issue

E&T cover image 1607

"As the dust settles after the referendum result, we consider what happens next. We also look forward to an international summer of sport."

E&T jobs

  • Chair in Integrated Sensor Technology

    The University of Edinburgh
    • Edinburgh, City of Edinburgh

    The University of Edinburgh is one of the world’s top 20 institutions of higher education.....

    • Recruiter: The University of Edinburgh

    Apply for this job

  • Principal Electrical Engineer - Power

    BAE Systems
    • Bristol, England / Cumbria, Barrow-In-Furness, England
    • Negotiable

    Principal Electrical Engineer - Power Join our Electrical Power team and help design the self-contained generation and distribution system for the Successor submarine - a new generation of submarine designed to carry the UK's independent nuclear deterrent

    • Recruiter: BAE Systems

    Apply for this job

  • Operations Supervisor (Mechanical/Electrical/Instrumentation)

    National Grid
    • England, Cambridgeshire
    • £33000 - £39000 per annum

    Operations Supervisor - (Mechanical/Electrical/Instrumentation) Salary: Circa £33k - 39k dependant on experience + vehicle and great additional benefits (share scheme, pension, potential bonus).Location: Wisbech - Cambridgeshire We currently have an excit

    • Recruiter: National Grid

    Apply for this job

  • Lead NDT Trainer

    BAE Systems
    • England, Lancashire
    • Competitive package

    Would you like to be involved with training UK and international teams in Non Destructive Inspection (NDI) to support the in service fleet (Typhoon Tornado, and Hawk)?

    • Recruiter: BAE Systems

    Apply for this job

  • Systems Design - Emerging Portfolio

    MBDA
    • Bristol
    • Competitive Salary & Benefits

    What?s the opportunity?   There are fantastic opportunities in Systems Design for engineers to work within Future Systems. These are highly visible, fast paced roles, in...

    • Recruiter: MBDA

    Apply for this job

  • Metering Engineer

    Department for Business, Innovation and Skills
    • Teddington, United Kingdom
    • £24,109 - £27,961 plus EO Electronics PE of £8,090.00

    We are now looking for a Metering Engineer to deliver RD’s In-Service Testing (IST) scheme for gas and electricity meters.

    • Recruiter: Department for Business, Innovation and Skills

    Apply for this job

  • Head of Operational Estates

    Premium job

    The Shrewsbury and Telford Hospital NHS Trust
    • Shrewsbury, Shropshire
    • £46,625 to £57,640 per annum

    As an experienced Estates Manager, you will play a key role in helping to shape the future of the Estates service.

    • Recruiter: The Shrewsbury and Telford Hospital NHS Trust

    Apply for this job

  • Engineering Project Manager - Electrical & Automation

    Nestle
    • York, North Yorkshire
    • c£45,000 + Car Allowance + Bonus + Excellent Benefits

    Nestlé Product Technology Centre in York currently has an excellent opportunity for an Engineering Project Manager

    • Recruiter: Nestle

    Apply for this job

  • Assistant Professor (Tenure Track) of Smart Building Solutions

    Premium job

    ETH Zurich
    • Zurich, Canton of Zürich (CH)

    The successful candidate is expected to develop a strong and visible research programme in the area of control and diagnostics of building systems

    • Recruiter: ETH Zurich

    Apply for this job

  • Process Controls Leader

    Premium job

    Phillips 66
    • Humber Refinery, South Killingholme, North Lincolnshire DN40 3DW
    • £60k - 75k plus extensive Compensation and benefits package, dependent upon experience

    Experienced Process Control Leader providing leadership and technical support for Oil Refinery. Extensive Compensation and benefits package.

    • Recruiter: Phillips 66

    Apply for this job

More jobs ▶

Subscribe

Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T