A researcher at Symantec today announced new threats against broadband routers.

This involves malicious users remotely logging into the router and changing the DNS settings, thus redirecting users to fake sites to steal user information. This is not new; the threat has been around for quite a while, and it comes down to guessing passwords to obtain access to systems. No matter how much security is in place, a small mistake or an oversight by a user can compromise everything.

Just have a look at Phenoelit’s Default Password List and find your device on the list.

To protect against this threat:
– ALWAYS change the default username and password to something other than “admin, password”.
– Never turn on remote management on the router – home users really don’t need to do this.
– Stop the device from responding to pings – hiding is good, and your connection won’t come up in a ping sweep when people are searching for easy targets.

Something for vendors: maybe you can ship a blank initial password for first-time setup, which then forces the user to change it as part of the process, and by default disable responding to pings and turn off remote management ports. To make it more complex:
– block all incoming ports on the “stateful” firewall for TCP, UDP, ICMP etc.
– implement a fake TCP stack fingerprint – if someone scans you and sees you’ve identified yourself as an obscure piece of old networking equipment which they’ve never heard of, they’re going to leave you alone
– implement basic IPS capabilities to detect common attacks and block them accordingly. A portscan from anyone against a router should trigger an automatic firewall rule to block that IP.
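
A minimal sketch of that last suggestion, added here as an example (not code from the original post or from any router vendor): it flags a source that probes several distinct ports within a short window and renders a block rule for it. The log format, the 10-second window, the 5-port threshold and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Assumed log format (constructed): "<epoch> DROP SRC=<ip> PROTO=<proto> DPT=<port>"
LINE_RE = re.compile(r"^(\d+) DROP SRC=(\S+) PROTO=\w+ DPT=(\d+)$")

# Constructed sample: fast multi-port scanner, one-port retries, slow source, bad field.
SAMPLE_LOG = """\
1000 DROP SRC=203.0.113.7 PROTO=TCP DPT=21
1000 DROP SRC=192.0.2.55 PROTO=TCP DPT=21
1001 DROP SRC=203.0.113.7 PROTO=TCP DPT=22
1001 DROP SRC=198.51.100.20 PROTO=TCP DPT=443
1002 DROP SRC=203.0.113.7 PROTO=TCP DPT=23
1002 DROP SRC=198.51.100.20 PROTO=TCP DPT=443
1003 DROP SRC=203.0.113.7 PROTO=TCP DPT=80
1003 DROP SRC=not-an-ip PROTO=TCP DPT=1
1004 DROP SRC=203.0.113.7 PROTO=TCP DPT=443
1025 DROP SRC=192.0.2.55 PROTO=TCP DPT=22
1050 DROP SRC=192.0.2.55 PROTO=TCP DPT=23
1075 DROP SRC=192.0.2.55 PROTO=TCP DPT=25
1100 DROP SRC=192.0.2.55 PROTO=TCP DPT=80
"""

def detect_scanners(log_text, window=10, threshold=5):
    """Return sources that hit `threshold` distinct ports within `window` seconds."""
    recent = defaultdict(deque)  # source IP -> (timestamp, port) hits still in window
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, port = int(m.group(1)), m.group(2), int(m.group(3))
        try:
            src = str(ipaddress.ip_address(src))  # never pass raw log text into a rule
        except ValueError:
            continue
        if src in flagged:
            continue
        hits = recent[src]
        hits.append((ts, port))
        while ts - hits[0][0] > window:  # expire hits older than the window
            hits.popleft()
        if len({p for _, p in hits}) >= threshold:
            flagged.append(src)
    return flagged

def block_rules(ips):
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]  # rendered only
```

Counting distinct ports rather than raw hits keeps a client that retries a single port from being blocked. Source addresses can be spoofed for some scan types, so an automatic block like this should expire after a while rather than be permanent.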

Something to think about…
