You are exposed 24/7 thanks to your favorite “Wireless router”

Spending a few minutes setting up encryption on your wireless device might spare you the trouble of data loss and identity theft.

Updated: October 27, 2021 By Hamna Imran

Title image for Wireless router TP-Link Archer C2300

Image source - freepik.com

In 2020, the wireless router market was valued at USD 10572.2 million, and it is expected to expand at an annual pace of 8.4% from 2021 to 2026, reaching USD 17084.9 million.

Mordor Intelligence

With the market growing in size every day, is the security aspect of wireless routers being neglected? Are only the designs being changed every now and then?

Wireless routers might make working peacefully a reality, but the threats that chase them can be just as terrible, if not more so.

Let’s explore how these essential devices can make our data vulnerable to third parties while we are peacefully browsing the Internet.

Most individuals are either uninformed of how to secure their routers or unaware of the consequences if they do not. DO NOT be one of them!

In this article, we will look at a variety of hazards and vulnerabilities associated with unsecured wireless routers, as well as preventive actions that may be taken to mitigate these risks.

Photograph showing Wireless router market trends

 Image source – mordorintelligence.com

Wireless routers

Local networks are connected via a router to other local networks on the Internet, with the help of 900 MHz and 60 GHz frequency bands.

A Wireless access point links devices to the network wirelessly. The latest wireless routers employ the standard IEEE 802.11ac Wave 2.

A wireless router is another name for Wireless Local Area Network (WLAN) equipment. Wi-Fi is the term designated for a wireless network.

Wireless router types:

  1. Wi-Fi router(Desktop)
  2. Mobile hotspot
  3. Portable Wi-Fi

All of these appear in available networks as shown below.

Networks and Internet Settings

Can my Router Get Hacked?

  • Data from Shodan Explore
  • How to Identify that Your Router Has Been Hacked?

According to Shodan, this is the current geographical view of the unsecured Wi-Fi access points in the world.

Unsecure Wi-Fi Access point

Image source - kaspersky.com

Data from Shodan Explore

Shodan is a search engine that looks for openly accessible devices all over the world.

If a remote hacker can access the device name, model number, firmware version, operating system, and MAC address of a wireless router, that exposure is a security vulnerability that can be exploited.

All the statistics were accurate at the time of research, 22 September 2021.

  • What are the possible risks if these get leaked?

If you have named your router with your full name, an attacker will know the identity of the owner and thus he/she can geolocate you through the public IP address of the router.

This can be done through services like WiGLE, which make it possible to get a geographical location from a MAC address or SSID (a different ID for every device on the network).

Foreign cyber attackers targeted residential office and small business routers with the VPNFilter malware. The malware is capable of a variety of tasks, including data collection, device exploitation, and network traffic blockage.

Hundreds of thousands of residential and workplace routers were infected as a result of the malware, which targeted routers made by numerous manufacturers.

All the open ports of Wireless routers

This chart shows the Open IP ports with the highest number of exposed wireless devices.

  • 81,905 devices were found exposed on port 80, followed by port 8080 (55,030), port 1900 (48,228), and port 135 (33,830).

Next up we will see the countries with the highest number of exposed wireless routers in the World according to Shodan.

Countries with openly accessible wireless routers as per shodan

  • The list is led by the Russian Federation with 32,012 ports in total, followed by Bulgaria with 22,765 ports and Japan with 22,650 ports, making these the top 3 countries with the highest number of exposed wireless routers in the world.

This chart shows the top organizations with unsecure ports in the world.

Top Organizations with the highest number of exposed wireless routers

  • A telecommunication company, Chungwa ltd, located in Taiwan, was found to have the highest number of open ports (18,344), followed by Link NET, located in Cairo, Egypt, with 4,248 ports. The administration of National de Telecommunications, based in Montevideo, Uruguay, has 4,353 ports open.

Next up we will see the wireless router products which are the most exposed out of all those available in the market.

Top wireless router products with exposed ports as per shodan search engine

  • The provider with the highest number of exposed devices found worldwide is Microsoft with 48,297 devices, followed by TP-Link (26,178), which had many instances of attacks in past years. It is evident that 5 routers among the top ten belong to TP-Link (making a total of 50,575 exposed devices belonging to TP-Link alone).

After this, we went a step further and looked for Wi-Fi routers online that are protected only with a default password. The beauty of this is that not much enumeration is needed: one correct Shodan query is enough.

In our case, we used the query shown in the screenshot.

Shodan result for default password query

As the next step, we open this result and look at port 80.

Surprisingly enough, we don’t even need to enter any credentials: it is open to everybody.

Open admin panel of the Wi-Fi router

If you are still not convinced about the depth of this discovery, we will go one step deeper and check the “Advance settings”.

Here we can get access to pretty much any possible configuration item and of course collect much more information about the target for further exploitation.

Configuration page with many parameters for exposed Wi-Fi router

Router NAT/DMZ configuration page

So, I hacked this router without hacking. Pretty scary!

How to identify that your router has been hacked?

With all of the talk about how dangerous a hacked router can be, I'm sure you're wondering what signs to check for to see if your router has been attacked.

So how can you check for harmful activities if someone else uses your network?

Several signs for a hacked router are as follows:

  1. Login Information Does not Work

    It's never a good indicator when passwords aren't accepted. When it comes to your router, this is no different.

    If you can't log in to your router's admin panel or your Wi-Fi password isn't functioning, it's possible that a hacker has gotten access to your router and modified the settings to block you out.

    Example of how the login page for your router may look like

    Image source - sectigostore.com

  2. You've discovered unidentified IP addresses on your network.

    If you are logged into a router interface, you should examine the list of IP addresses that are accessing your network on a regular basis.

    If an unfamiliar address is shown (particularly a foreign address), it probably means a hacker has hacked your network.

    So, as the next technique for identifying whether your router is hacked, check for any unfamiliar IP addresses.

    This is an example of a website where you should look for unfamiliar IP addresses. This page may appear differently depending on the kind or brand of router you're using

    Image source - sectigostore.com

  3. You are sent to unknown or unintended websites

    Another symptom of a hacked router is DNS hijacking and hackers rerouting you to dangerous websites, as we mentioned a minute ago.

    If you continue getting diverted to websites you didn't plan to visit when trying to access your normal websites, it might be a sign of a hijacked router that uses DNS hijacking.

  4. You've started receiving ransomware messages

    So, we've reached the end of our guide to figuring out whether your router has been hacked. Ransomware is a type of harmful software that allows cybercriminals to encrypt data and demand a ransom payment in exchange for access to it.

If a hacker gets their hands on your router, they may easily block you from connecting to your network.

But what should you do if a hacker sends you an email or other form of contact requesting cash in return for regaining access to your network?

The FBI advises against paying the ransom demand and recommends reporting it to tips.fbi.gov or your local FBI field office.

Sometimes the Internet might or might not be slow due to malware; you should take measures regardless.
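
As an added example (not part of the original article), the Python script below turns signs 2 and 3 into a repeatable check: it compares a router's client list with an inventory of your own devices, and the router's DNS servers with the ones you configured. The inventory, client table, addresses and expected resolvers are all constructed sample values.

```python
# Added example: audit a router's client list and DNS settings.
# All addresses, names and the inventory below are constructed sample data.
import ipaddress

# Devices you own, keyed by MAC address (hypothetical inventory).
KNOWN_DEVICES = {
    "3c:52:82:aa:10:01": "laptop",
    "f4:f5:d8:bb:20:02": "smart-tv",
}
# Resolvers you configured on the router (assumption: the gateway plus 9.9.9.9).
EXPECTED_DNS = {"192.168.1.1", "9.9.9.9"}

# Constructed client table in a "hostname ip mac" layout (assumed export format).
CLIENT_TABLE = """\
laptop     192.168.1.20  3C-52-82-AA-10-01
smart-tv   192.168.1.21  f4:f5:d8:bb:20:02
unknown    192.168.1.37  9e:11:22:33:44:55
android-7  192.168.1.44  00:1a:2b:3c:4d:5e
"""

def normalize_mac(mac):
    """Lower-case, colon-separated form so '3C-52-..' and '3c:52:..' compare equal."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomized(mac):
    """True if the locally administered bit is set (typical of private/random MACs)."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def audit_clients(table, known):
    """Return (hostname, ip, mac, note) for every client not in the inventory."""
    findings = []
    for line in table.splitlines():
        if not line.strip():
            continue
        host, ip, mac = line.split()
        ipaddress.ip_address(ip)          # raises ValueError on a malformed row
        mac = normalize_mac(mac)
        if mac not in known:
            note = "randomized MAC, may be your own phone" if is_randomized(mac) else "unknown hardware MAC"
            findings.append((host, ip, mac, note))
    return findings

def unexpected_dns(configured, expected):
    """DNS servers set on the router that you did not put there (possible DNS hijack)."""
    return sorted(set(configured) - set(expected))

if __name__ == "__main__":
    for finding in audit_clients(CLIENT_TABLE, KNOWN_DEVICES):
        print("unrecognized client:", *finding)
    print("unexpected DNS:", unexpected_dns(["192.168.1.1", "203.0.113.53"], EXPECTED_DNS))
```

Phones and laptops that use private Wi-Fi addresses show up with a randomized MAC, so confirm such an entry against your own devices before treating it as an intruder.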

Exploitation of Wireless router vulnerabilities

Vulnerabilities present in the architecture of wireless routers make them susceptible to attacks on most occasions.

Mathy Vanhoef, a Belgian security researcher, found that there are two types of bugs in routers which made even devices created 24 years earlier vulnerable to attackers within Wi-Fi range.

  1. Fragmentation attacks

Mathy discovered fragmentation attacks as he knows his Wi-Fi protocols and is also familiar with taking them apart. Fragmentation attacks affect the Wi-Fi standard.

He says that three of the vulnerabilities found are design shortcomings in the Wi-Fi standard, and most devices today are affected by them. Some of the other vulnerabilities are a result of programming mistakes.

  • WiFi standard design flaws
    • CVE-2020-24588: Aggregation attack (accepts non-SPP A-MSDU frames)
    • CVE-2020-24587: Mixed key attack (gathering fragments encrypted with different keys)
    • CVE-2020-24586: Fragment cache attack (does not erase fragments of memory when (re)connecting to a network)
  • Faults in the implementation of the WiFi standard
    • CVE-2020-26145: Acceptance of fragments of plain text transmission as complete frames (in an encrypted network).
    • CVE-2020-26144: Accepting plain text A-MSDU frames starting with RFC1042 header with EtherType EAPOL (in an encrypted network).
    • CVE-2020-26140: Accepting plain text data frames on a secure network
    • CVE-2020-26143: Accepting fragmented plain text data frames on a secure network
  • Other implementation flaws
    • CVE-2020-26139: Forwarding EAPOL frames even if the sender is not yet authenticated (should only affect access points)
    • CVE-2020-26142: Fragmented frames are processed as full frames.
  2. KRACK attack

Mathy also discovered a dangerous vulnerability in the WPA2 protocol that allows the decryption of encrypted traffic, data theft and injection of malicious code, all depending on network configuration.

  3. RC4 NOMORE attack

The RC4 NOMORE attack is aimed at breaking the RC4 encryption algorithm.

  4. Dragonblood

This attack is launched against WPA3 Wi-Fi networks, allowing attackers to steal passwords.

Some other attacks which exploit the vulnerabilities of wireless routers are as under:

Attack by Man-in-the-Middle

A type of cyber snooping in which malicious actors spy on a dialogue and capture data from an apparently safe and trusted system is called a “Man-in-the-Middle attack”.

The targeted data is often somebody’s intellectual property or confidential information.

Man-in-the-Middle Attacks can be used to breach a system to initiate advanced persistent threats (APT).

How Man in the middle attack works?

Image source - thesslstore.com

Piggybacking

If you fail to secure your wireless network, anyone with a wireless-enabled computer within range of your router can use it. The average interior broadcast range for an access point is 150–300 feet. Outdoors, this range can go up to 1,000 feet.

Consequently, whether you live in a densely populated area or an apartment or condominium, failing to protect your wireless network might expose your Internet access to a huge number of unwanted users.

Piggybacking in wireless networking

Image source - thebalance.com

Wardriving

Wardriving is a special form of piggybacking.

Wardriving, also known as Access Point Mapping, is the act of using a smartphone or laptop to hunt for WiFi wireless networks while driving.

Wardrivers may try to steal your credentials, banking information, or any other sensitive information, once they gain access to your device’s connection.

Wardriving attack architecture

Image source - geeksforgeeks.org

Web sniffing

Several public access sites send data unencrypted. Attackers use sniffing tools to steal people’s data from this traffic.

How to sniff traffic to your own IP address from an external network

Image source - stackexchange.com

Evil Twin Attacks

The adversary transmits a stronger signal than that of the real access point, so when the victim connects to the Internet, their system connects to the stronger signal.

The attacker may simply access any data sent over the Internet by the victim using specialized tools. We have compiled an article on how Evil Twin works and how to protect yourself.

What is an Evil twin attack?

Image source – sepiosystems.com

Safety tips for wireless routers

Attacks on wireless LANs pose a significant threat. In 2018, two-thirds of small and medium-sized businesses (SMBs) experienced a cyber-attack. Furthermore, owing to the costs of sustained system failures and interruption (40 percent of systems were down for 8+ hours when a hack occurred), the average cost of the assault on these firms was approximately $3 million.

Securing the home network should be a top priority for anybody concerned about the safety and security of their data.

The safety measures mentioned below are simple enough for even the least tech-savvy individual to follow to prevent unwanted access from a hacker in the future:

Access should be restricted

Only authorized users should be able to connect to your network. Every piece of hardware that accesses the network has its own Media Access Control (MAC) address.

  • Network access can be restricted by filtering certain MAC addresses. For precise instructions on enabling the feature, read the user manual.
  • A "guest account" is also a useful feature present on many wireless routers.
    This feature allows the utilization of a secondary wireless channel while keeping your primary credentials hidden.

Guest access settings for your router

 Image source - linksys.com

Protect your Wi-Fi network with cyber security tool

The most hassle-free way to monitor your Wi-Fi activity with anomaly detection and protection is an antivirus program.

Avast Free Antivirus is recommended because it has an integrated Wi-Fi Inspector, which ensures that you are always aware of what is going on with your Wi-Fi.

Avast antivirus program

Image source - avast.com

Be cautious when exchanging files

Restrict unnecessary file sharing among devices on public networks. Only allow it on work or private networks.

Moreover, make sure that your shared files are password-protected. These precautions might seem too much, but when your data is at stake, more is less.

You can enable password-protected sharing in Windows through the following steps:

  1. Open Start menu
  2. Search “Sharing”
  3. Click on the “Manage Advanced Sharing Settings” option
  4. Then choose “All Networks”

    How to turn on password protected sharing on Windows

    Image source - pcmag.com

  5. Mark “Turn on password protected sharing” and save changes

Use a VPN (Virtual Private Network) to connect

VPNs encrypt your connection, protecting traffic that isn't encrypted well enough on its own.

If you don’t already have a VPN, we have curated a list of the best VPNs just for you.

Through VPN, your online activity will become untouchable.

Change your router’s admin credentials

You bought a router, either used or new, and you didn’t change its user name and password? Don’t tell me! You just became the easiest target for hackers.

Almost all routers in the market include default admin credentials that Wi-Fi hackers are aware of.

They can attempt to get into your router with that info if they can reach your Wi-Fi network.

Better late than never!

To prevent Wi-Fi hackers from just hacking into the router, create a hack-proof password containing random sequences of characters.

Enable either WPA2 or WPA3 encryption

If your data is encrypted, nobody can see your data even if they have access to your network. To provide this protection, there are various encryption methods available.

Enabling WPA2 or WPA3 encryption makes a Wi-Fi password necessary for connection approval, and that’s how data encryption takes place.

Through Wi-Fi Protected Access WPA, WPA2, and WPA3

The most secure encryption today is WPA3.

WPA2 and WPA are supported too; however, if your equipment supports WPA3, that is the one to use. Other protocols might open your network to exploitation.

Enable encryption on your Wi-Fi network

Image source - pcmag.com

Deactivate wireless/remote administration

You can access the admin settings of your router from anywhere in the world with remote administration.

However, you will rarely have to do this unless you are a developer, so it’s better to hinder hackers’ access by turning off remote administration.

If you ever need to see the router’s settings after that, a physical connection through an Ethernet cable is required.

Disable remote management of router

Image source - wikihow.com

Update the firmware on your router

“Firmware” is the software controlling a specific piece of hardware, in this case, your router.

Firmware may be upgraded, just like the operating system on your computer or any programs or apps you use, to protect your router against vulnerabilities that existed in prior firmware versions.

Some routers can check for firmware upgrades automatically, but try checking for updates yourself by going to the admin settings of your router and locating the firmware area.

Update your router’s firmware

Image source - pcmag.com

Conclusion

Almost every new technology has advantages and disadvantages. Wireless routers, on the one hand, can significantly improve data processing and business strategies by providing users with a simple and easy connection to the internet.

But, on the other hand, it also poses significant risks to business organizations that either do not understand the risks or do not take appropriate steps to mitigate those risks.

Some technologies may be used to manage hazards in Wireless routers and provide safe wireless connections. IT auditors should look at management's crucial involvement in establishing policies and processes that can control the majority of Wi-Fi hazards.

Your questions are highly anticipated.

Author
Hamna Imran
Cyber Security student and keen learner, writing articles for several other websites.
