After a recent high-profile media story highlighted how poor router security led to a police raid on the home of an innocent family, we take a look at how Wi-Fi piggybacking attacks against home and domestic targets, and VoIP hacking of businesses worldwide, are growing threats.
What Happened?
It has been reported that in January this year during the lockdown, the family home of a couple and their two young children was unexpectedly raided by police. The shocked and frightened family could only look on as their desktop computer, two laptops (and a borrowed laptop), current (in-use) mobile phones and old mobile phones retrieved from drawers around the house were taken away by officers. The family found themselves with just a landline for communications, and under suspicion for a crime which, as it later transpired, they did not commit, and knew nothing about.
Work Laptop
To make matters worse, the father of the family was forced to tell his boss that the police required the decryption key to unlock his work laptop, thereby making him fear for his job.
Wi-Fi Accessed Due To Poor Router Security
When the devices, which the family were told had been taken for ‘evidence’, were finally returned two months later, it became clear that a mistake had been made: the family’s Wi-Fi connection had been used, without their knowledge, by an unknown party to upload illegal images to a chat site.
The evidence given to the police by the National Crime Agency, which led to the raid, had suggested that the illegal uploading had come from the family’s IP address. In reality, the family had simply fallen victim to criminals piggybacking on their insecure wireless connection. The weakness that allowed the attack is believed to have been a weak default password on their old router.
Router Danger
A recent Which? investigation looked at the security of 13 models of commonly used old routers from companies such as Virgin, Sky, TalkTalk, EE, and Vodafone. It was discovered that 6 million users may have router models that have not been updated since 2018 at the latest, with some not being updated since as far back as 2016! The investigation discovered issues with more than half of the routers surveyed. This suggests that as many as 7.5 million users could have routers with security risks.
The main vulnerabilities threatening the security of business and home-user routers (which are now often the same thing, given remote working) include weak default passwords that can be easily guessed by hackers, meaning that the router could be accessed remotely from anywhere in the world. Local network vulnerabilities can also allow a cybercriminal to take control of a user’s device, see what a person is browsing, or even direct a user to malicious websites. A lack of recent updates to a router’s firmware can also leave security issues outstanding and negatively affect the device’s performance, thereby affecting productivity.
VoIP Systems Hacks on the Increase
Recent ‘Check Point’ research has also shown that there has been a big rise in cyber-fraud operations targeting VoIP phone systems worldwide. For example, a Gaza-based hacking group was found to be responsible for targeting servers used by more than 1,200 organisations based across more than 60 countries, with half of those targets being in the UK! What’s more, hackers worldwide are creating their own social media groups to share tips and know-how relating to VoIP phone system hacking and to organise and co-ordinate future attacks.
What To Do
Businesses can guard against router security threats by taking measures such as changing the username and password(s), ensuring that the router’s firmware is up to date, changing the network name/SSID, stopping the Wi-Fi network name/SSID from being broadcast, enabling the router’s firewall, or simply upgrading to a new, more secure router.
To guard against the threat of VoIP phone system hacks, businesses need to make sure that their security patch installation management systems and procedures are up to date, that call billings are regularly analysed, that there is a clear and robust password policy in place, and that an intrusion prevention system is implemented.