Skip to main content

Decrypt This: The future of router security

decrypt this the future of router security linkys
Image used with permission by copyright holder
Even 30 years after they were first introduced, the routers we know and love today are still struggling to find their footing. There is still hope, however, in the form of new devices called “network attached peripherals.”

Not only that, but as companies learn how to better communicate between themselves and their customers, the learning curve of creating a safe net of personal security is becoming more moderate every month.

Will a new era of transparency, innovation, and openness save us from a barrage of viruses and malware, or are we forever doomed to play catch-up?

Consumer Awareness

Consumer education about changing the default password on a router is basically nill.

Just this week, we posted a report from Incapsula security about a botnet that has been tearing its way through routers in Thailand and Brazil. Incapsula found that due to an increase in users leaving the default username and password combination on their router administration prompt after plugging it in, the MrBlack malware was able to automatically sneak in just by entering some variation of that same combo.

After it gained access to enough machines, it would then ping similar models to see if they too had their default credentials, and if so, hop to them. String enough of these unprotected devices together, and soon you’re left with one of the fastest spreading, most powerful botnets the world has seen in years.

All of this because consumer education about changing the default password on your router is basically nill. Sure, the manual might have a suggestion to change the password hidden away in the back somewhere, but until there’s a big red sticker stuck to the side of the router that says it won’t turn on until a user enters new credentials, infections like these will continue to be the rule, rather than the exception.

Network Attached Peripherals

Worryingly, it seems the router manufacturers don’t feel like waiting around for the rest of the world to catch up with its vision of the future. They’re already looking ahead to bigger, burlier wireless hubs that are more concerned with powerful Wi-Fi signals than security, and as we hook up an increasingly larger number of devices to those networks, the risk grows at an exponential rate.

As Internet of Things devices are already flooding into Best Buys around the world, it’s only a matter of time before your thermostat, refrigerator, and baby monitor are all going to be on the net and just as vulnerable to attack as your laptop or phone. If our routers are struggling to keep the credit cards punched into a laptop safe, just imagine how hard the ball might get dropped once security cameras are thrown into the mix.

Bitdefender Box front top angle full 2
Bill Roberson/Digital Trends

It’s a space that I believed could have been saved by devices like the BitDefender Box, which, despite its failure to achieve the heights it set out for itself, is still a good first step in the right direction.

There are other devices, such as the Anonabox, which are quickly lining up to join the club of networking devices that make big promises, and fail to deliver on almost all of them by the time they’re released.

The company came out with its own small white box (we’re noticing a trend here), which promised to completely anonymize all traffic coming and and going out of your router with a built in Tor node link. Unfortunately, early reviews have pegged a number of slip ups the Anonabox suffered from in testing, most of which were generally rudimentary issues which even a standard router is designed to detect.

But, despite those missteps, such devices are a necessary first step towards security-conscious peripherals that could be just as essential as the routers themselves in the next few years.

Custom Firmware

Last, there’s always custom firmware loadouts. While they may not be too friendly to the layman, open source firmware options like DD-WRT and Tomato give users all new levels of control over their own routers never thought possible before.

Because the firmware is open source, the community that drives its progression can react in rapid fashion to any serious threats that might appear, only moments after they’re first reported. It’s an adaptive, reactive system that moves with greater speed and flexibility than anything the major manufacturers could keep up with, and goes to show that the old adage of “if you want something done right, you might as well do it yourself” still rings true today.

Conclusion

The revolution to change the way we think about security in consumer routers won’t be coming anytime soon, but it’s on the horizon. The business of keeping these switches safe is a deep, complex issue with thousands of different possible answers at every turn, and it’s unlikely that any single approach from one company will be the magic bullet that cures all the woes.

Companies like Netgear and Linksys could stand to learn a thing or two from the likes of BitDefender and Anonabox.

So maybe we shouldn’t expect “someone else” to figure out for us. Maybe the real solution will have to be a part of a collective effort, one undertaken on behalf of all the manufacturers in the industry both old and new, along with the customers who buy their products. Companies like Netgear and Linksys could stand to learn a thing or two from the likes of BitDefender and Anonabox, and possibly even use that knowledge to transform their ambition into more concrete solutions before the decade is out.

At the same time, consumers should work to better educate themselves on the potential risks of routing technology, and learn how to effectively navigate around any potholes which might get in their way.

The fact of the matter is, no one’s going to be able to solve the problem on their own. It’s going to take the collaboration of some of the biggest names in the business to actually make a dent in the problem of personal home security, and the general public will have to pick up its fair share of the responsibility too.

Routers may take a lot of the blame for losing our credit card numbers and getting our identities stolen, but through collective collaboration, the situation might not be hopeless.

Chris Stobing
Former Digital Trends Contributor
Self-proclaimed geek and nerd extraordinaire, Chris Stobing is a writer and blogger from the heart of Silicon Valley. Raised…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more