You are exposed 24/7 thanks to your favorite “Wireless router”
In 2020, the wireless router market was valued at USD 10572.2 million, and it is expected to expand at an annual pace of 8.4% from 2021 to 2026, reaching USD 17084.9 million.
Mordor Intelligence
With the market growing in size every day, Is the security aspect of Wireless routers being neglected? Are only designs being changed every now and then?
Wireless routers might make working peacefully a reality, but the threats that chase them can be just as terrible, If not more.
Let’s explore a little on how these so essential devices can make our data vulnerable to third parties, while we are peacefully browsing the Internet.
Most individuals are either uninformed of how to secure their routers or are unaware of the consequences if they do not, DO NOT be one of them!
In this article, we will look at a variety of hazards and vulnerabilities associated with unsecured wireless routers, as well as preventive actions that may be taken to mitigate these risks.
Image source – mordorintelligence.com
Table of Contents
- Wireless routers
- Can my Router Get Hacked?
- Exploitation of Wireless router vulnerabilities
- Safety tips for wireless routers
- Restrict access
- Protect your Wi-Fi network with a cybersecurity tool
- Be cautious when exchanging files
- Use a VPN (Virtual Private Network) to connect
- Change your router’s admin credentials
- Enabling encryption WPA2 (or WPA3)
- Deactivate wireless/remote administration
- Update the firmware on your router
- Conclusion
Wireless routers
Local networks are connected via a router to other local networks on the Internet, with the help of 900 MHz and 60 GHz frequency bands.
A Wireless access point links devices to the network wirelessly. The latest wireless routers employ the standard IEEE 802.11ac Wave 2.
A wireless router is another name for Wireless Local Area Network (WLAN) equipment. Wi-Fi is the term designated for a wireless network.
Wireless router types:
- Wi-Fi router(Desktop)
- Mobile hotspot
- Portable Wi-Fi
All of these appear in available networks as shown below.
Can my Router Get Hacked?
- Data from Shodan Explore
- How to Identify that Your Router Has Been Hacked?
According to Shodan, This is the current geographical view of the Unsecured Wi-Fi access points in the World
Image source - kaspersky.com
Data from Shodan Explore
Shodan is a search engine that searches for devices available to open access from All over the World.
If a remote hacker accesses the device name, model number, firmware version, operating system, and MAC address of the wireless router. It is a security vulnerability that can be exploited.
All the statistics are true at the time of research 22 September 2021
- What are the possible risks if these get leaked?
If you have named your router with your full name, an attacker will know the identity of the owner and thus he/she can geolocate you through the public IP address of the router.
This can be done through services like WiGLE which makes getting Geographical location possible through MAC address or SSID (A different ID for every device on the network).
Foreign cyber attackers targeted residential office and small business routers with VPN Filter malware. The virus is capable of a variety of tasks, including data collecting, device exploitation, and network traffic blockage.
Hundreds of thousands of residential and workplace routers were infected as a result of the malware, which targeted routers made by numerous manufacturers.
This chart shows the Open IP ports with the highest number of exposed wireless devices.
- 81,905 devices with Port no 80 were found exposed followed by Port 8080(55,030), Port 1900 (48,228), and Port 135 (33,830).
Next up we will see the countries with the highest number of exposed wireless routers in the World according to Shodan.
- Lead by Russian Federation with 32,012 ports in total, followed by Bulgaria 22,765 ports, then comes Japan 22,650 ports making it to top 3 countries with the highest number of exposed wireless routers in the world.
This chart shows the top organizations with unsecure ports in the world.
- A telecommunication company Chungwa ltd located in Taiwan was found to have the highest number of open ports(18,344), followed by Link NET located in Egypt, Cairo having its 4,248 ports. The administration of National de Telecommunications based in Uruguay, Montevideo has 4,353 ports open.
Next up we will see the wireless router products which are the most exposed out of all those available in the market.
- The provider with the highest number of exposed devices found worldwide is Microsoft with 48,297 devices, followed by TP-Link (26,178) which had many instances of attacks in past years. It is evident that 5 routers among the top ten belong to TP-Link(making a total of 50,575 exposed devices belonging only to TP-Link).
After this we got the step further and looked for Wi-Fi routers online protected with default password. The most beauty of this – one even don’t need to enumerate too much – one correct Shodan query will be enough.
In our case we just used this one as follows on screenshot.
As following step, we will go for this result and look at the port 80.
Surprisingly enough, we don’t even need to put any kind of credentials – it is just open for everybody.
If you still not convinced about deepness of this discovery, we will go one step deeper and check those “Advance settings”.
Here we can get access to pretty much any possible configuration item and of course collect much more information about the target for further exploitation.
So, I hacked this router without hacking. Pretty scary!
How to identify that your router has been hacked?
With all of the talk about how dangerous a hacked router can be, I'm sure you're wondering what signs to check for to see if your router has been attacked.
So how can you check for harmful activities if someone else uses your network?
Several signs for a hacked router are as follows:
- Login Information Does not Work
It's never a good indicator when passwords aren't accepted. When it comes to your router, this is no different.
If you can't log in to your router's admin panel or your Wi-Fi password isn't functioning, it's possible that a hacker has gotten access to your router and modified the settings to block you out.
Image source - sectigostore.com
- You've discovered unidentified IP addresses on your network.
If you are logged into a router interface, you should examine the list of IP addresses that are accessing your network on a regular basis.
If an unfamiliar address is shown (particularly a foreign address), it probably means a hacker has hacked your network.
Therefore, check for any unfamiliar IP addresses for our next technique to identify whether your router is hacked.
Image source - sectigostore.com
- You are sent to unknown or unintended websites
Another symptom of a hacked router is DNS hijacking and hackers rerouting you to dangerous websites, as we mentioned a minute ago.
If you continue getting diverted to websites you didn't plan to visit when trying to access your normal websites, it might be a sign of a hijacked router that uses DNS hijacking.
- You've started receiving ransomware messages
So, we've reached the end of our guide to figuring out whether your router has been hacked. Ransomware is a type of harmful software that allows cybercriminals to encrypt data in exchange for a ransom payment.
If a hacker gets their hands on your router, they may easily block you from connecting to your network.
But what to do if a hacker sends you an email or other form of contact requesting cash in return to gain access to your network?
FBI advises against paying the ransom demand and instead reports it to tips.fbi.gov or your local FBI field office.
Sometimes Internet might be or might not be slow due to malware, you should take measures regardless.
Exploitation of Wireless router vulnerabilities
- Attack by man-in-the-middle
- Piggybacking attack
- Wardriving attack
- Web sniffing attack
- Evil Twin attack
Vulnerabilities present in the architecture of Wireless routers make them susceptive to attacks on most occasions.
Mathy Vanhoef, who is a Belgian security researcher, found that there are two types of bugs found in routers which made even the devices created 24 years earlier vulnerable to attackers in Wi-Fi range
- Fragmentation attacks
Mathy discovered fragmentation attacks as he knows his Wi-Fi protocols and he is also familiar with shredding them. Fragmentation attacks affect the Wi-Fi standard.
He says that three vulnerabilities found were design shortcomings in Wi-Fi standard. And most of the devices today are affected by these. Some of the vulnerabilities are a result of programming mistakes.
- WiFi standard design flaws
- CVE202024588: Aggregation attack (accepts non-SPP AMSDU frames
- CVE202024587: Mixed key attack (gathering fragments encrypted with different keys
- CVE202024586: Fragment cache attack (does not erase fragments of memory when (re) connecting to a network)
- Faults in the implementation of the WiFi standard
- CVE202026145: Acceptance of fragments of plain text transmission as complete frames (in an encrypted network).
- CVE202026144: Accepting plain text A-MSDU frames starting with RFC1042 header with EtherType EAPOL (in an encrypted network).
- CVE202026140: Accepting plain text data frames on a secure network
- CVE202026143: Accepting fragmented plain text data frames on a secure network
- Other implementation flaws
- CVE202026139: Forwarding EAPOL frames even if the sender is not yet authenticated (should only affect access points)
- CVE-2020-26142: fragmented frames are processed as full.
- KRACK attack
Mathy also discovered a dangerous vulnerability in WPA2 protocol that allows the decryption of encrypted traffic, data theft and injection of malicious codes. All depending on network configuration.
- RC4 NOMORE attack
The RC4NOMORE attack aimed at destroying RC4 encryption algorithm
- Dragon blood
This Attack is launched against WPA3 Wi-Fi networks, thus allowing attackers to steal passwords.
Some other attacks which exploit the vulnerabilities of wireless routers are as under:
Attack by Man-in-the-Middle
A type of Cyber snooping, in which malicious actors spy onto a dialogue and detain data from an apparently safe and trusted system, is called “Man in the Middle Attack”.
The targeted data is often somebody’s intellectual property or confidential information
Man-in-the-Middle Attacks can be used to breach a system to initiate advanced persistent threats (APT).
Image source - thesslstore.com
Piggybacking
If you fail to secure your wireless network, anyone with a wireless-enabled computer within range of your router can use it. The average interior broadcast range for an access point is 150–300 feet. Outdoors, this range can go up to 1,000 feet.
Consequently, whether you live in a densely populated area or an apartment or condominium, failing to protect your wireless network might expose your Internet access to a huge number of unwanted users.
Image source - thebalance.com
Wardriving
Wardriving is a special form of piggybacking.
Wardriving, also known as Access Point Mapping, is the act of using a smartphone or laptop to hunt for WiFi wireless networks while driving.
Wardrivers may try to steal your credentials, banking information, or any other sensitive information, once they gain access to your device’s connection.
Image source - geeksforgeeks.org
Web sniffing
Several public access sites are sending data that is unencrypted. Sniffing tools employed by actors steal people’s data.
Image source - stackechange.com
Evil Twin Attacks
The adversary transmits a stronger signal than that of the real access point, so when the victim connects to the Internet using their system, the user certainly connects using a stronger signal.
The attacker may simply access any data sent over the Internet by the victim using specialized tools. We have compiled an article on how Evil Twin works and protecting yourself.
Image source – sepiosystems.com
Safety tips for wireless routers
- Restrict access
- Protect your Wi-Fi network with a cybersecurity tool
- Be cautious when exchanging files
- Use a VPN (Virtual Private Network) to connect
- Change your router’s admin credentials
- Enabling encryption WPA2 (or WPA3)
- Deactivate wireless/remote administration
- Update the firmware on your router
Attacks on wireless LANs pose a significant threat. In 2018, two-thirds of (SMBs) small and medium-sized businesses experienced a cyber-attack. Furthermore, owing to the costs of sustained system failures and interruption (40 percent of systems were down for 8+ hours when a hack occurred), the average cost of the assault on these firms was approximately $3 million.
Securing the home network should be a top priority for anybody concerned about the safety and security of their data.
The safety measures mentioned below are simple enough for even the least tech-savvy individual to follow to prevent unwanted access from a hacker in the future:
Access should be restricted
Only Authorized users should avail themselves of the privilege of connecting to your network. A specific Media Access Control (MAC) address is owned by any piece of hardware accessing the network.
- Restrictions for network access can be placed by filtering certain MAC addresses. In case you are looking for precise instructions, read the user manual for enabling the feature.
- "Guest account," is also a useful feature present on many wireless routers.
This feature allows the utilization of a secondary wireless channel while keeping your primary credentials hidden.
Image source - linksys.com
Protect your Wi-Fi network with cyber security tool
The most hassle-free way to monitor your Wi-Fi activity with anomaly detection and protection is an antivirus program.
Avast Free Antivirus is recommended because it has an integrated Wi-Fi Inspector, which ensures that you are always aware of what is going on with your Wi-Fi.
Image source - avast.com
Be cautious when exchanging files
Restrict unnecessary file sharing among devices on public networks. Only allow it on work or private networks.
Moreover, make sure that your shared files are password-protected, these precautions might seem too much but when your data is at stake, more is less.
You can enable the password protected sharing In Windows, through the following steps:
- Open Start menu
- Search “Sharing”
- Click on the ‘Manage Advanced Sharing Settings” option
- Then choose “All Networks”
Image source - pcmag.com
- Mark the “Turn on password protected sharing” and Save changes
Use a VPN (Virtual Private Network) to connect
VPNs encrypt connections and store traffic that isn't encrypted well enough.
If you don’t already have a VPN, we have curated a list of the best VPNs just for you.
Through VPN, your online activity will become untouchable.
Change your router’s admin credentials
You bought a router, either used or new and you didn’t change its user name and password. Don’t tell me! Because you just became the easiest target for the hackers.
Almost all routers in the market include default admin credentials that Wi-Fi hackers are aware of.
They can attempt to get into your router with that info if they can reach your Wi-Fi network.
Better late than never!
To prevent Wi-Fi hackers from just hacking into the router, create a hack-proof password containing random sequences of characters.
Enable either WPA2 or WPA3 encryption
If your data is encrypted, nobody can see your data even if they have access to your network. To provide this protection, there are various encryption methods available.
Enabling WPA2 or WPA3 encryption makes a Wi-Fi password necessary for connection approval, and that’s how data encryption takes place.
Through Wi-Fi Protected Access WPA, WPA2, and WPA3
The most secure encryption today is WPA3.
WPA2 and WPA are supported too; however, equipment which supports WPA3 is suitable to utilize. Other protocols might open your network for exploitation.
Image source - pcmag.com
Deactivate wireless/remote administration
You can access the admin settings of your router from anywhere in the world with remote administration.
However, you will rarely have to do this unless you are a developer. So it’s better to hinder Hackers’ access by turning off remote administration.
If you will ever have to see the router’s settings, a physical connection through the Ethernet wire is required.
Image source - wikihow.com
Update the firmware on your router
“Firmware” is the software controlling a specific piece of hardware, in this case, your router.
Firmware may be upgraded, just like the operating system on your computer, any programs or apps you use, to protect your router against any vulnerabilities which existed in prior firmware versions.
Some routers can check for firmware upgrades automatically, but try checking for updates yourself by going to the admin settings of your router, locate the firmware area and check for yourself.
Image source - pcmag.com
Conclusion
Almost every new technology has advantages and disadvantages. Wireless routers, on the one hand, can significantly improve data processing and business strategies by providing users with a simple and easy connection to the internet.
But, on the other hand, it also poses significant risks to business organizations that either do not understand the risks or do not take appropriate steps to mitigate those risks.
Some technologies may be used to manage hazards in Wireless routers and provide safe wireless connections. IT auditors should look at management's crucial involvement in establishing policies and processes that can control the majority of Wi-Fi hazards.
Your questions are highly anticipated.
Your email address will not be published. Required fields are marked