Some troubling news was issued this week, with the the Australian, US and British governments issuing joint warnings about alleged Russian state-sponsored actors maliciously targeting routers and modems around the world, including in Australia.
Blink and you would've missed it.
In a press conference about the activity on Tuesday, Defence Minister Marise Payne said the Australian Cyber Security Centre believed potentially 400 Australian companies were targeted.
Defence Minister Marise Payne.
The US said targets included "primarily government and private-sector organisations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors"
The warnings serve as a reminder that often-neglected routers — those devices that glue computer networks together and also often connect them to the internet as well— can be a key, weak entry point into the home and business networks of millions of Australians, not just by state-sponsored actors, but by hackers looking to take over your home network.
"Commercially available routers were used as a point of entry, demonstrating that every connected device is vulnerable to malicious activity," Cyber Security Minister Angus Taylor said.
"… Australian businesses and individuals are constantly targeted by malicious state and non-state actors, and we must maintain rigorous cyber security practices."
But what rigorous practises are those?
And what can you do to protect yourself, especially given that it isn't only Russia allegedly targeting routers, but also the US and undoubtedly other countries' agencies as well?
We click a button automatically presented to us to update the security of our computers and smartphones on what feels like an almost weekly basis.
Automatic updates prompt us to install patches in anti-virus and firewall software or our computer's operating system, securing us all of the time.
While we may prolong them a couple of days to prevent the frustrating task of closing down and saving all of the information we have open in various apps, we get there eventually.
But when was the last time you logged into your home's router or modem (be it a Wi-Fi or hard-wired one) to check whether it needed updating? My bet is never, for the majority of the population.
If you haven't done so in the past six months, it's probably time to do it now, and to do it regularly. Because it's likely that dozens of security flaws have been found since you first purchased it and, if you're lucky, your router's manufacturer has released an update.
On hearing upon the Russian news, I took a look at my router and found it too needed updating.
One of the best things you can do in addition to updating your router is disabling access to its management interface from the outside world. This means not allowing anyone from outside your home network to touch its settings.
The other thing you can do is change the default password. Too often, router manufacturers don't prompt users to change these settings and it leads to circumstances like the one we have today, where malicious third-party actors gain entry.
With the devices often hidden away in cupboards gathering dust, router manufacturers could and should do more to protect consumers and small businesses. It's my firm view that they should force passwords to be changed on setup, and implement automatic updates that prompt you to install when there is a new one available.
Given the only time people log into their router is when there is a problem, it's about time router and other equipment manufacturers realise their responsibility to keep us safe and secure.
Troy Hunt, computer security expert and creator of the website haveibeenpwned.com — which allows you to check if any of your online accounts have been compromised by a data breach — agrees.
"We've seen vulnerabilities in consumer-grade routers many times in the past, often resulting in traffic being redirected to malicious websites," Mr Hunt says.
"We need to acknowledge that like all software, the code running in these devices can have bugs and that means we need a robust means of patching it. Especially for consumers, this must be automated; anything that requires human intervention will result in patches not being applied."
Source: Read Full Article