The open-source Turris Omnia router is impossible to hack

Open-source hack-proof router aims to close cyber security gap

Routers are the gateway of every home internet network. Yet, while many computers run antivirus software, little has been done thus far to protect routers against cyber threats. A new device, described as the world’s first hack-proof router, was launched on Thursday at the CES Unveiled Show in Prague.

The main strength of the Turris Omnia router, a spin-out of a cyber security research project by Czech Republic’s domain administrator, is the fact that it automatically updates and patches vulnerabilities as they become known.

“If you look at an average router you can buy from a shop, it comes with firmware that is not designed to ever be updated,” explained CEO Ondrej Filip. “But routers are quite easy to hack and there have been a lot of examples in the past of vulnerabilities that have never been fixed.”

As a result, most people end up with poorly secured home networks protected only by default passwords set by manufacturers. All it takes is an attacker with skills that can be learned from online tutorials to access a neighbour’s internet network. Once they do that, they do not only gain unauthorised access to the internet, but they can also intercept and monitor all traffic that is taking place or even hijack the router to perform an attack on someone else.

“In our research, we have seen examples of massive cyber attacks coming from people’s home routers,” Filip described. “Essentially, there is a very large botnet that is trying to find poorly secured routers and connects them to itself. At the end, you have thousands of devices that are working together trying, for example, to guess some passwords.”

The problem is only bound to get worse with the rise of the Internet of Things and smart connected home technology. These devices, Filip explained, are also essentially computers, yet no one pays attention to their cyber security.

“Recently, we have seen a very large denial of service attack, one terabit per second, that was done by home cameras,” said Filip. “From those cameras, the attackers were able to send some packets and create a very large [attack], actually one of the largest attacks in the current history.”

hadn't originally planned to develop a commercial product, but after conducting a research project using a custom-designed router to monitor home network security, they found themselves inundated with requests from people eager to buy a router that would allow them to better control their home network.

“The market of routers that have instant updates, that can be updated and fix security bugs is currently very small,” Filip said. “That’s quite strange if you realise how many of those devices are sold worldwide.”

The team decided to go further than just making a router that updates regularly. Turris Omnia can communicate with other routers and share information about security threats. The user can also easily monitor what is happening in his or her network, which devices are connected to it and to which servers data is being sent. As Filip said, there have been examples in the past of smart home devices secretly sending information to manufacturers. With a regular router, something like this can go completely unnoticed for years.

“There was a case, for example, with some toys for kids that were sending data to the company,” Filip remarks. “That’s quite worrying. The toy was essentially talking to the kid and the kid’s voice was transmitted to some external party.”

After seeing the interest in the experimental product, launched a crowd-funding campaign on Indiegogo with a modest goal to raise $100,000. They raised that in less than a day and eventually collected more than twelve times this amount.

“Both the hardware and software are open source,” said Filip. “We are not a company that is hiding anything. We publish everything, including all the source code. It’s good for people who want to do something more with it, who want to play, for geeks, but it’s also good for people who want to audit the device, that it’s doing just what it’s been designed for.”
