Volume 8, issue 5

Analysis: do router security problems foreshadow IoT hacks?

2 June 2014
By Danny Bradbury
Share |
Anxious-looking male Internet user - has his home router been compromised?

What are the risks of poorly-configured home routers being hacked, made to communicate the wrong data, or to fail altogether?

Nothing is safe on the Internet, including your home router. That may already have been hacked – but if the world becomes as connected as companies are hoping, that could be the least of your worries.

In its June 2014 issue, E&T magazine looked at how enterprise and carrier-class routers are having to defend themselves against hackers and other malevolent online agents (see link below). If baddies gain access to those, they can execute a number of attacks, such as denial of service (DoS) attacks, or snagging network traffic. This is a great way to read, say, Cleartext emails as they pass over a network.

There are different levels of router. Large routers forklift vast amounts of traffic as it passes over the Internet, but there are also millions of home routers, bought off the shelf, and often poorly configured, if at all.

People have already hacked these poorly-protected routers on a large scale. One ‘researcher’ claimed to have installed a mini botnet on 420,000 home routers, producing a 9Tb map of the Internet. Another compromised four and a half million home routers in Brazil alone, changing their DNS records to send them to malicious websites when they tried to visit legitimate ones. From there, they were persuaded to install software on their home machines. The result: an instant botnet.

This is all calamitous enough; but now, consider how this might affect the Internet of Things. It’s a much-lauded concept, in which billions of devices become connected to the Internet, all of them communicating information about themselves and their environment.

Cars will tell central servers when their components are about to fail, and they will be able to tell other cars miles behind them about road blockages, for example. Combined heat and power boilers will communicate with each others’ building management systems and trade energy between each other in dynamically-managed markets. Street lamps will communicate air pollution data in vastly meshed networks. Shipping containers will monitor their contents for environment changes and inform retail outlets further down the supply chain. This is the utopian vision.

But what about the dystopian one, in which poorly-configured devices are hacked, and made to communicate the wrong information, or fail altogether?

If the Internet of Things becomes as crucial to our existence as the likes of Cisco want them to be, that makes the whole thing a foundation for our critical national infrastructure. That makes it a primary attack target for those wishing to disrupt it, for financial or strategic gain.

The problem with many of the tiny Internet of Things sensors that are about to be deployed is that they aren’t easily patched. They operate independently in the field, and may have a long life span but often aren’t designed to be updated. Manufacturers  do not have the incentive to and, even if they did, the technical challenge of updating a component in your car (or your Internet of Things-connected pacemaker) might prove daunting.

Deployment of the Internet of Things will soon be advancing, and it’s going to overshadow the router security problem by an order of magnitude. It’ll provide security companies with lots of fodder for finger-wagging reports – and nation states with a massive attack surface. And the scary likelihood is that until the first real cyberwar kicks off, we won’t even know that we’ve been hit.

More information:
Router vendors responding to growing attacks

Share |
Related forum discussions
forum comment To start a discussion topic about this article, please log in or register.    

Latest Issue

E&T cover image 1605

"We visit Barcelona, one of the smartest cities in the world, to find out what makes it so special. What does it look like and what is the future?"

E&T jobs

  • Senior Development Engineer, Electronics

    Premium job

    Helmet Integrated Systems / Gentex Corporation
    • Letchworth Garden City, Hertfordshire
    • Competitive

    We are an innovative, robust and fast growing business, whose main focus is to deliver continues improvement to existing products and offer new sol..

    • Recruiter: Helmet Integrated Systems / Gentex Corporation

    Apply for this job

  • Smart Grid Research Engineer

    Premium job

    University of Strathclyde
    • Cumbernauld, Glasgow
    • Grade: 6/7* £26,537 - £37,768*

    Work as part of a growing dynamic team on a wide range of technical projects with particular emphasis on experimental validation and testing

    • Recruiter: University of Strathclyde

    Apply for this job

  • Electrical Asset Specialist

    Affinity Water
    • Hatfield, Hertfordshire

    Responsible for updating and writing electrical engineering standards, approved codes of practice and safe systems of work

    • Recruiter: Affinity Water

    Apply for this job

  • Senior Electronics Engineer

    York Instruments
    • York, North Yorkshire

    Senior electronics engineer to work as part of a team developing an MEG imaging system; working with the engineering team and external contractors.

    • Recruiter: York Instruments

    Apply for this job

  • Manufacturing Engineer - Circuit Card Assembly

    MBDA
    • Lostock Junction
    • Competitive Salary & Benefits

    What’s the opportunity?   Manufacturing UK is an integral part of the Operations Directorate whose principal mission is to ensure that MBDA’s deliverable commitments are met...

    • Recruiter: MBDA

    Apply for this job

  • High Voltage Engineer

    Premium job

    Essex X-Ray & Medical Equipment
    • Great Dunmow, Essex

    This High Voltage Engineer will provide design leadership for high voltage cable assemblies up to one megavolt.

    • Recruiter: Essex X-Ray & Medical Equipment

    Apply for this job

  • Team Leader - Flank Arrays

    BAE Systems
    • Barrow-In-Furness, Cumbria, England
    • Negotiable

    Team Leader - Flank Arrays Would you like to work in a unique role within the construction of the Astute Class submarines? We currently have a vacancy for a Team Leader - Flank Arrays at our site in Barrow-in-Furness. As a Team Leader - Flank Arrays, you

    • Recruiter: BAE Systems

    Apply for this job

  • Electronics and Software Engineer

    Copley Scientific Ltd
    • Nottingham
    • circa £35,000 per annum + bonus

    Develop new test equipment for the pharmaceutical industry. Good opportunities to grow and develop. Successful family-owned and managed business.

    • Recruiter: Copley Scientific Ltd

    Apply for this job

  • Bridge Test Facility Manager

    BAE Systems
    • Shropshire, Telford, England
    • Negotiable

    Bridge Test Facility ManagerWe currently have a vacancy for a Bridge Test Facility Manager at our site in Telford with our Land UK business.As the Bridge Test Facility Manager, you will be part of our Test & Trials team, working closely with the Mili

    • Recruiter: BAE Systems

    Apply for this job

  • Intelligent Transport Systems Engineer - Highways Technology

    Premium job

    Mott MacDonald
    • Birmingham, West Midlands

    Our transport technology team in Birmingham is currently growing a highly skilled and customer-focused team to...

    • Recruiter: Mott MacDonald

    Apply for this job

More jobs ▶

Subscribe

Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T