Why can't Smart Routers be Really Smart?
01 Jan 2017In 2016 the media reported on a number of Distributed Denial of Service (DDoS) attacks that significantly disrupted aspects of the Internet, wreaking havoc that ranged from minor inconveniences for many, to serious financial losses for some. The DDoS attacks were caused by botnets, which are composed of large numbers of unsecured, hacked devices that are connected to the Internet. Attackers take advantage of numerous well-known and lesser-known vulnerabilities in a multitude of connected computers, routers, surveillance cameras, and other devices. When they find a device they can hack into, they take control of the device for their own, often destructive, purposes.
Sales of Internet-connected devices (a.k.a., the Internet of Things or IoT) are exploding, and there are no signs that the trend is slowing. On the contrary, more and more connected devices are being introduced and sold into homes and businesses because they are so useful and/or cool–they are here to stay. Unfortunately, we haven’t yet figured out how to protect these devices from attackers, or how to protect ourselves from hacked devices.
There are thousands of vulnerable products in millions of homes and businesses, and each of them need to be fixed by its manufacturer. That will be a big, distributed effort that will take a long time. Until that happens, how can we prevent attackers from finding and hacking vulnerable Internet-connected devices?
All of the vulnerable devices have one thing in common–they connect to the Internet via a relatively inexpensive, sophisticated, commercial router. Every household and most businesses have one router through which 100% of their Internet traffic flows–you can think of it as an Internet gatekeeper. Sometimes that router is built into the modem that is provided by their Internet Service Provider (ISP), sometimes it’s a separate box connected to the ISP’s modem. Routers are quite complicated–they often have built-in firewalls and VPNs for security, logic to intelligently route traffic to the devices “behind” them and much more.
My question is, why hasn’t one or more of the very sophisticated companies that
make and sell routers–Cisco, D-Link, Netgear, Apple, Google,
etc.–made an inexpensive commercial router that’s really smart? A Really
Smart Router (RSR) would have at least these characteristics:
- An RSR makes sure that it has a strong password.
- An RSR itself is very well protected.
- An RSR checks the devices connected to it for known vulnerabilities.
- An RSR automatically and securely keeps its software up-to-date.
Each of these features probably needs to be able to be overridden by their owner, for reasons they think are strong enough to reduce the security of their network, but they should be turned on by default.
Strong Password
Almost all routers have a simple/weak password assigned when they are brand new–it’s printed in the router’s manual so that new owners can easily set up their new router. The manual usually advises the new owner IN ALL CAPS to change the password to something stronger, but leaves it at that. People being people, many new router owners never change their router’s password, making it an easy target for attackers.
An RSR would refuse to work until its password was set to something hard for an attacker to figure out. “Hard to figure out” can be satisfied a number of ways. Maybe the password can’t be too short, so that it can’t be guessed quickly. Maybe the password can’t be in a dictionary of common words or have any form of the initial simple password in it. Maybe an RSR doesn’t allow login attempts to happen quickly, so that attackers can’t “brute force” guess thousands or millions of passwords in a very short time.
Well Protected
Once protected by a strong password, I think that most routers are pretty resistant to exploitation by attackers. However, I’m sure that more than a few have known vulnerabilities that haven’t been fixed, or even have “back doors”–ways into the router that bypass the password check that are intentionally built into the router.
An RSR would be a fortress–it would have no back doors, its software would be aggressively tested for vulnerabilities, and any found would be fixed quickly.
Checks Connected Devices
This is a biggie. Many security experts and companies are well aware of almost all of the vulnerabilities that attackers use to create botnets. The experts know what the devices “look like”; they know how to exploit their vulnerabilities.
On some frequency–once a day, once a week, when it detects a new device–a Really Smart Router checks every device connected to it against a comprehensive list of known vulnerabilities. If it finds a vulnerable device, it informs the owner and disconnects the device from the Internet completely. The owner would receive enough information to know what to do next–which device is the problem, what the problem is, and how to fix it. (Some devices are not easily updatable–they may need to be recycled.)
The devil is in the details, but this doesn’t seem like a terribly difficult feature to implement.
An RSR wouldn’t store every known vulnerability inside of itself (even if it had unlimited space, the list of vulnerabilities is always growing)–it would “phone home” to its manufacturer with the “signature” of the devices connected to it, and its manufacturer would send it the list of vulnerabilities to check for on each of them.
I’m frankly surprised that no router manufacturer that I know of does this already.
Automatically Updated
Even a Really Smart Router that did all of these things could not be perfect. New Internet-connected devices are created all the time, maybe with types of vulnerabilities that the RSR doesn’t initially know how to check for. The RSR’s software itself may have vulnerabilities that don’t get discovered until after many of them are installed in customers’ homes and businesses.
Most if not all routers already have a way to update their software. However, not many routers make updating their software easy or convenient, or have an option to automatically update it. People being people, I think RSRs must have an option to automatically check for and install new software without requiring the user to press a button or visit a web page–it needs to be 100% automatic.
The updating process itself needs to be secure, too–it must be impossible for an attacker to pretend that it’s the RSR’s manufacturer, and fool it into downloading and installing the attacker’s software!
Our phones and computers can do this–heck, even smart thermostats update themselves to the latest software automatically! There’s no good reason our routers don’t.
We need Really Smart Routers!
Every year, millions of new connected devices are installed into people’s houses and businesses. DDoS attacks will continue to happen more and more often, causing more and more disruption, unless vulnerable devices are removed from the Internet when they’re discovered.
I think that we need Really Smart Routers, and badly!
What do you think?