Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
We all know about wireless vulnerabilities. But recent studies have proven that most popular off-the-shelf wireless routers can be exploited. Any attacker with LAN or WLAN access and a moderate level of skill can hack them. VPN protection is an effective solution to blocking attackers from accessing personal data over hacked networks.
Critical SOHO Router Vulnerabilities
A recent study by Independent Security Evaluators of Baltimore discovered that 13 of the most popular off-the-shelf wireless routers can be exploited by a “moderately skilled” adversary with LAN or WLAN access. Security Analyst Jacob Holcomb discussed the implications of pervasive vulnerabilities in SOHO router products at the recent Derbycon conference. He explained how ISE discovered and identified all new and very critical security vulnerabilities in different types of small office and home office (SOHO) routers and wireless access points. 13 routers that can be bought off-the-shelf were demonstrated to be exploitable by a local adversary on the (W)LAN and Guest (W)LAN. And 11 of the 13 tested were exploitable by a remote adversary.
The vulnerabilities that ISE research found persisted in this class of routers ranged from unauthenticated router take over to authenticated takeover with minimal participation from users. Holcomb presented many root vulnerabilities and gave a breakdown of the anatomy of exploitation. Among the successful tested attacks are Buffer Overflows, Cross-Site Request Forgery, Command Injection, Directory Traversal, Authentication Bypass, and Backdoors. Also demonstrated was full router compromise by an adversary, and the implications of such compromise. Several root exploits were discussed showing the obstacles faced by the security team.
Many internet users rely on SOHO networking equipment as their staple or to supplement existing infrastructure. The many application security issues that plague perimeter networking devices in millions of homes and small businesses around the world find their root in SOHO vulnerabilities. In addition, when user connect to public wireless networks or those offered by restaurants, airports, stores, and the like, most are connecting to SOHO networking equipment. The vulnerabilities allow attackers full root, or administrative, control over the devices. Aside from the vulnerabilities, unlike computer and server operating systems, there is no effective patch management solution for SOHO equipment.
Ultra VPN Security
Most home and business users of SOHO equipment are led to believe that their SOHO networking equipment is secure and free of vulnerabilities. Holcomb’s presentation demonstrated that this is 100% untrue. Vendors are unaware that attackers are able to target SOHO networking equipment from the WAN and do not realize that the wireless/LAN are not immune to malicious threats. Device administrators mistakenly assume that if they disable router services that they are not vulnerable to exploitation. As new technology and hardware develop and we rely more and more on the internet, we will experience attacks of increased magnitude and frequency against our network infrastructures.
The solution is to run all internet traffic through an ultra VPN to prevent intrusion on the network through router exploitation. VPNs are often used by travelers, overseas workers and public WiFi users. But ultra VPNs are now a necessity even on home networks. Cyber-criminals are getting smarter, and now we are no longer safe even on home connections that we thought were the most secure. Ordinary internet users are particularly prone to attacks from identity thieves and malware from numerous sources. Ultra VPN connections are a necessity to keep safe from online attackers.
All internet users need an ultra VPN to regain control over their network security. Many users already fear that they are no longer in control of their data online. Now we find that part of the problem is exploitable routers. By taking advantage of the technology that ultra VPNs provide, user privacy and safety can be achieved through VPN encryption. An ultra VPN app keeps a user’s online activity private by creating a private tunnel between the user’s device and the internet. All data and traffic is encrypted and routed through a secure ultra VPN server. This added layer of protection plays an important role for both corporate and personal protection online. Information is kept secret and devices are protected against malware, phishing, identity theft and other pervasive online threats.