More Router Security
The other day I made a Facebook post which got more attention than I expected. I told the story of an acquaintance of mine who heard I was "the router guru" and who contacted me because their monthly internet data usage from the cable company spiked in a HUGE way. She contacted the cable company who came out, told her she'd been hacked and she needed to change her passwords and drove away. No help at all.
And on top of it they told her she would have to pay for the overage because she was using her own router and not the cable company's which I find to be very bizarre because cable companies use combo modem/routers which have just about the worst track record for security imaginable. However, if I owned the cable company that would probably be my bottom line fiscal policy as well. Guess it depends which side of the fence you sit on.
I've been trying to raise awareness for home network security in my circle of friends for some time. Most probably just tolerate my posts as most folks aren't as geeky as I am. I get that, I really do. And when you learn some giant tidbit that excites you regarding computer security there is no one to tell that understands it, so I tell Mr. FaceBook. So everybody probably just thinks I'm that crazy geeky guy with a poodle.
And most people have this attitude about hacking..........."I'm not very interesting. Anybody who hacks me is wasting their time. I don't have anything important on my computer I care that much about.
And you know what..........For the most part, for most people, that may be true.
But then this thing happens. Lady is minding her own business, not hurting anyone, someone hacks her and then IT COSTS HER MONEY. She was the victim of a crime that had a fiscal impact. Believe me when I tell you folks......this can happen to you too. Someone can steal your data which can cost you money.
Getting hacked could cost you the Presidency as well. :) Ask Hillary Clinton.
Getting hacked also could reveal all your emails which reveal you to be a Spirit Cooking, UFO nut as well. Ask John Podesta.
It could cost you your job. Ask Debbie Wasserman Schultz or Donna Brazille.
All these things happened. Sorry if that offends your political ideology, but they happened.
Let's say I'm a black hat hacker and lets say I deal in images for money. You can use your imagination here. Naked pics of celebrities, kiddie porn, whatever. You don't think I'm storing that crap on my computer, do you? Nope, I'll store it on YOUR network and sell links to the images. SUDDENLY YOU ARE COMPLICIT IN A CRIME.
Okay, lets get real here. When the investigators roll in it won't take them long to figure out it isn't you. You probably will never see the inside of a booking room or cell but oh what a pain in the ass it will be when they knock on your door and take your stuff.
Here's another scenario. I break into your network and hack a computer or all of your computers and turn them into my evil bots. I use them to attack other computers. You don't think I'm gonna hack the Pentagon from my computer, do you? Nope, I'd do it from your computer. You don't think I'm going to do a Denial of Service Attack from my computer, do you? Are you beginning to get the picture here?
So why are you so vulnerable to attack? First of all lets discuss how you connect to the internet. Generally in this day and age it's via a cable or satellite modem, hooked to a wireless router inside your home. There are combo devices which do both as well. Or you can connect via a MiFi brick which is becoming more and more common as well but that's a discussion for another day. It's still just an access point.
Now let's go to the store and go router shopping. Look at the boxes. They all tell you how FAST they are, but look for a box that tells you how safe and secure it is. You won't find one. Why? Because they aren't the least bit safe or secure. I've said this before and it always bears repeating..........That router is designed for the stupidest person capable of opening the box getting connected to the internet easily without having to call their expensive tech support people on the phone lines.
Now, flip your router upside down. There's a sticker there that gives you an awesome WiFI password. ChittyChittyBangBang498374$%&)
And you know what? That's great. It really is.
EXCEPT FOR ONE THING. YOUR FUCKING ROUTER IS CONNECTED DIRECTLY TO THE INTERNET VIA AN ETHERNET CABLE TO THE MODEM AND THAT INTERFACE HAS A PASSWORD TOO! Wanna guess what that password is?
I swear to God it is usually "password", or admin, or NOTHING. Nothing filled in the password block. I AM SO NOT KIDDING.
Don't believe me? Google up "Netgear default password", "Linksys default password".........whatever.
Most people NEVER change this password. When you boot into the router software to set it up IT DOESN'T PROMPT YOU TO CHANGE THIS PASSWORD.
Why not? Because the stupidest person capable of opening the box will change it, screw something up, then call tech support and tell them "I dunno what my password is". And then they have to pay the tech support person to sit on the phone with that person for 30 mins to an hour teaching them how to reset the router and starting all over again.
There is no security folks. Most of you have a 5 year old router, with 5 years of dust on it behind your TV that you've never updated, and certainly never changed the password. When you read the news and it says "The hacking group Anonymous took down Coca-Cola corporation today with a Denial Of Service Attack using 500,000 bot computers....." Guess what? You're one of them. Maybe two of them. Maybe even three of them.
If I'm a super skilled hacker I can break in your router EVEN IF you do all this because the router manufacturer puts software designed for that stupid person on the device that's full of gaping holes. Even if you do change your passwords which is a must, there are other ways to break in. Someone can probably always break in but for God's sakes don't make it easy. The super hackers don't want to look at pics of your grandkids. You're no great prize to them. But to the 14 year old hacker in Prague you are. All the people who think they have skills can get in, they will, and they'll steal your data and THAT CAN COST YOU MONEY.
You should do the following things at a minimum:
- Call the cable company as ask them to provision your modem and install the latest firmware on it. They are supposed to do that. By the way modems are hackable too. Google up "Arris Surfboard hacks". Most home users have an Arris Surfboard modem. Walmart and Target sells the shit out of them.
- Buy a modem that can install third party firmware such as DD-WRT or LEDE and buy a geek a pizza and a six pack to configure it for you. I myself like combination pizza and Michelob Ultra.
- Change the router password in addition to the wifi password.
- Turn off remote management,ssh, telnet, and Universal Plug and Play (UPnP). The only way you should be able to interface with that router is through an ethernet cable hooked directly to it or via wifi.
- Get a hardware firewall appliance. pfSense is popular and it is FREE. You heard me correctly. It's free. Totally free. You can buy an old rack mount server on eBay for less than $100 that has the horsepower to run pfSense. THEN YOU HAVE A HARDWARE FIREWALL RIGHT AFTER THE MODEM AND RIGHT BEFORE THE ROUTER. This will cost you several pizzas and a case or two of beer. Money is also accepted.
There's much more you can do to protect yourself. Right now you're making it too easy for the bad guys. And it could cost you.