Now it’s the Wi-Fi
Hackers hitting home routers, US and UK governments say
The newest target in the world of cyber espionage: Your wireless router.
U.S. and British security officials are warning that nation-state hackers are on a quest to commandeer internet routers around the world – a broad campaign that would allow them to spy on web traffic, steal data, pose as privileged network users and redirect unsuspecting people to hacker-controlled computer networks.
In a technical breakdown of the attack, the security officials noted the hackers weren't even using malware. Instead, they simply scanned networks for devices with outdated encryption protocols, devices whose owners failed to harden them before installation, and devices whose manufacturers no longer support them with security patches.
Patching and replacing devices "are simple security strategies that are crucial but are often overlooked," said Rebekah Wilke, director of managed detection and response for cyber services at Raytheon.
That's especially true as consumers and businesses add internet-enabled devices to their computer networks, Wilke said.
"It can be easy to lose track of devices or maintain a patch-and-replace protocol," she said. "Sometimes it doesn't hurt to get back to the basics. Nail down those critical assets and services. Double down on any effort to identify and patch vulnerable systems."
The April 2018 warning comes two months after cyber researchers revealed a vulnerability in the WPA2 encryption protocol that secures many home Wi-Fi routers. The weakness, known as Key Reinstallation AttaCK, or KRACK, affects nearly every Wi-Fi device.
“The future viability of the Internet of Things will be determined by how seriously industry takes issues like this,” said Mark Orlando, chief technology officer for cyber services at Raytheon. “These devices are cheap and small and almost forgettable as millions of them feed data into our new cyber ecosystem. Updating them to keep up with cyber threats and new vulnerabilities was never part of the equation for many of their developers.”
The WPA2 protocol depends on what cyber experts call a “four-way handshake” process that takes place when a client looks to access a secure wireless network. Because Wi-Fi relies on radio signals, which can be distorted in transmission, the third part of the handshake can be re-sent from a wireless access point as a redundant safeguard. Attackers can collect those messages and replay them to gain access, according to a post from cybersecurity firm Forcepoint Security Labs. Raytheon owns a majority share of Forcepoint.
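An added example, not from the article or from Forcepoint: a toy Python model of the client side of the handshake described above, showing an unpatched client next to a hardened one when message 3 is re-sent. It assumes, following the public KRACK research rather than this page, that installing the session key resets the client's packet number (nonce); all class and function names and the sample key are hypothetical.

```python
import hashlib

def keystream(key: bytes, pn: int, n: int) -> bytes:
    # Toy stand-in for the per-frame cipher: output depends only on (key, packet number).
    return hashlib.sha256(key + pn.to_bytes(6, "big")).digest()[:n]

class Client:
    """Toy model of a Wi-Fi client in the four-way handshake (not real 802.11 code)."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.pn = 0      # transmit packet number, used as the nonce
        self.used = []   # every (key, pn) pair that encrypted a frame

    def on_msg3(self, session_key: bytes) -> None:
        # A retransmitted message 3 carries the same session key as the first copy.
        if self.patched and self.key == session_key:
            return       # hardened: key already installed, keep the counter running
        self.key = session_key
        self.pn = 0      # (re)installing the key resets the packet number

    def send(self, plaintext: bytes) -> bytes:
        self.pn += 1
        self.used.append((self.key, self.pn))
        ks = keystream(self.key, self.pn, len(plaintext))
        return bytes(a ^ b for a, b in zip(plaintext, ks))

def nonce_reuse_after_retransmit(patched: bool) -> bool:
    """Return True if one (key, packet number) pair ends up encrypting two frames."""
    client = Client(patched)
    key = b"constructed-session-key"   # constructed sample value
    client.on_msg3(key)                # first copy of message 3
    client.send(b"frame one")
    client.on_msg3(key)                # access point re-sends message 3
    client.send(b"frame two")
    return len(set(client.used)) != len(client.used)

if __name__ == "__main__":
    print("unpatched client reuses a nonce:", nonce_reuse_after_retransmit(False))
    print("patched client reuses a nonce:  ", nonce_reuse_after_retransmit(True))
```

The unpatched client encrypts both frames under the same key and packet number, which is the condition the software updates mentioned later in the article are meant to remove.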
The newly discovered KRACK vulnerability carries serious implications for larger systems, including the developing Internet of Things, according to Orlando. He recommends three steps to protect current and future systems:
1. Bring transparency to the standards and protocols that govern how a new technology works, so the developers who depend on them can understand where risks reside.
2. Businesses incorporating new technologies into their supply chain or operations should make vulnerability assessments a best practice.
3. Continued sustainment of the Internet of Things requires active maintenance rather than deploying a device and forgetting about it.
Consumers worried about their Wi-Fi at home should make sure to update the software on all devices. Most providers and manufacturers are already making fixes available.
Microsoft, for one, has already issued a security update for its Windows software. Apple has reportedly patched the weakness in current beta versions of its operating systems iOS, tvOS, watchOS and macOS; that fix will be available soon. Router manufacturers like Netgear and Eero are also issuing patches in the form of updates to their software.