SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy to follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

Checklist 89: Router Rundown

Posted on May 17, 2018

There are some items of technology in our lives that are so standard and ubiquitous because of how fundamental they are to the way things work that it’s very easy to take them for granted. Because we don’t pay a second thought to these things, we also quickly get stuck in security pitfalls and fall for traps that play on the fact that we don’t know or think very much about them. For example, have you ever really thought much about your router? With so many connected devices in our homes, offices, and pockets today, it’s entirely possible you aren’t even sure what it is that a router does. Maybe all you know is that it’s the thing that lets you get on the Internet at home or use the Wi-Fi at Starbucks!

Today, we’ll be covering a few of the necessary things you should know about routers, plus some of the biggest and most serious threats out there that can impact this fundamental technology. On our list for this week:

  • What does a router do, exactly?
  • What’s going on with the Russians?
  • What can you do to protect your system?
  • Basic tips for choosing routers

Figuring out what these black boxes with blinking lights do for us seems like a natural place to start, so we’ll begin there.

What precisely does a router do?

Think of how many Internet-connected devices you have in your home. If you’re in a bigger family, there could be three or four computers, not to mention smart devices such as phones and tablets that you might have. Even though you have all these devices, chances are good you only have one Internet connection available at home, usually in the form of a cable or a DSL modem supplied by your Internet service provider.

Have you ever wondered how it is that you can use all these devices on the Internet at the same time without ever encountering a mix-up? How can just one modem handle all that traffic at once? After all, there are tons of simultaneous requests flowing from your machines to the modem, and it needs to make sure that all the data ends up in the right place.

At the root of things, that’s what a router does: it can handle substantial amounts of network traffic going to and from multiple locations while keeping it all in order. By coordinating all this information between your devices and the modem, routers enable efficient, seamless sharing of a single connection.

Consider an example: you’re surfing the web on your MacBook, and you decide you want to visit Apple.com. At the same time, your roommate in another part of the house chooses to visit Microsoft.com. As this happens, the router receives the requests, sends them to the modem, and gets the reply — that is, the data for the web pages. It then makes sure that each of your computers loads the correct site by sending the data packets to the right destination.

So, what if you’re saying to yourself, “Wait a minute — I don’t have a router. I’ve only got my modem. What gives?” While standalone routers were almost a necessity ten or fifteen years ago, these days many modern modems supplied by ISPs come with a router built right in to the same hardware. This saves space and offers better efficiency, whereas some of the older standalone models could prove tricky for end users to operate.

However, you could still have more than one router in your home, even if you don’t think of it as such. For example, do you struggle with providing adequate Wi-Fi coverage around your house? If you use range extenders or signal repeaters so you can keep surfing the web even when you’re down in the basement, then you may be dealing with multiple routers already.

Routers don’t just handle traffic from the Internet, though. They’re also highly useful for managing local network traffic, which can enable you to stream media from connected storage to your TV or share files. In the earlier days of PC gaming, routers were a necessity to make the iconic “LAN parties” a reality — all-night parties between friends lugging their computers to someone’s house to play games together. Today, the advanced state of online play makes that much less common, but it’s another excellent example of the versatility and importance of routers.

OK, so that’s what a router does — how could it pose a security threat? Since routers face the open Internet and handle sending your requests out, they can also act as a gateway into your network. That fact was at the center of a major recent cybersecurity announcement.

What’s going on with the Russians?

What happened? On the 18th of April, the FBI, in conjunction with the US Department of Homeland Security and the United Kingdom’s National Cybersecurity Centre, issued a major alert, warning that hacking groups with known ties to the Russian government were undertaking a wide-scale attack on many types of network devices. These hacks were sophisticated and complex and unfolded over time in a multi-stage process.

In stage one, the hackers would look to identify open ports on vulnerable, Internet-accessible devices. As we discussed in a recent episode, almost anyone can scan for open vulnerabilities on the web, though it takes a fair amount of knowledge and understanding to exploit them fully. The Russian hackers were looking for open doors and broken windows they could use to attack the networks behind those ports.

In stage two, the hackers would probe the networks and identify devices vulnerable to the types of attacks they used. After locating a targeted device, the hackers would send specially made network traffic to them, maliciously exploiting vulnerabilities and causing the devices to send back their configuration files. Within these config files were the first prize the hackers sought: sensitive information such as the hashed passwords for other network devices available through the open door. Stage three involved cracking these hashed passwords, thus gaining the ability to log in to these computer networks remotely.

Finally, stage four: use these hacked credentials to take over the router altogether. They would then map out the internal network available to the device, modify its firmware to give them broader control and execute man-in-the-middle attacks by redirecting a user’s requests through servers controlled by the hackers. Ultimately, these “pwned” routers would then serve as a launchpad for future attacks.

Through control of these routers, hackers had a clear view of all the traffic passing through them. In other words, if the bad guys could break into a corporate network and take over one of the main routers, they could see all its traffic, both internal and external. This allowed them to harvest website login credentials, intellectual property, and reams of other sensitive internal data.

Yet, despite the complexity of this undertaking, the hackers didn’t have to come up with anything new to do it; they used no new exploits or zero-day vulnerabilities to carry out these attacks. Instead, all they had to do was use known vulnerabilities in existing routers, relying on the fact that many people rarely think to upgrade or update the firmware on this hardware. In fact, some older routers can’t even receive patches these days, either because the company that made it has gone out of business or because it’s just too old.

So, was this a targeted attack? In some sense, yes — it looks like the hackers were primarily trying to find intellectual property to steal, alongside other high-value data. However, they hit everyone from big corporations to home offices. It’s possible that they struck so many targets to hide their true purpose, or it could be that they only looked for any opportunity and ran with it to see how far they could go. In either case, this was a significant event. So how can you keep yourself safe?

What can you do to protect your system?

The answer to that question is: it depends, mostly on where your router came from initially and how old it is now. Did your router come from your ISP? These are usually modem/router combination units, and you don’t often have much choice in which model you’ll receive. These come standard and often feature relatively “locked down” firmware that limits what you can do to change it.

However, some ISPs allow you to “bring your own,” in which case you can purchase a third-party combo unit instead of paying to rent the hardware. In this case, your options for good security practices are a little more open. Of course, there are some instances when you might not be able to access your router at all, such as if you live in a place that provides building-wide Wi-Fi. This is particularly common in college dorms and some apartment complexes.

If you’re dealing with an ISP-provided router or building-wide Wi-Fi, you’re at the mercy of the ISP and/or the building operator. In these cases, it’s up to your ISP itself to make sure that the router stays patched and up to date. The good news is that most major ISPs are very good about staying up to date on this, and there’s nothing you have to do to make sure that your router has its updates applied. Because the modem from your ISP should be capable of receiving automatic updates, it will patch itself whenever the ISP sends out the data. However, if your current model is very old, that may not be the case; more on that in a moment.

If you “brought your own” router to the game, then you’ll need to log in to the router itself and manually install firmware updates. Typically, you do this by opening up your browser and typing the router’s IP address on your network into the URL bar. There is often a sticker on your modem or router that shows its default IP address and usually the default password you’ll need to log in as well. If you’ve never touched these settings before, chances are good the defaults are still in place.

Don’t see a sticker and still don’t know how to access your router? It’s not too difficult to find out, especially if you connect over Wi-Fi. If you’re on your Mac, all you need to do is hold down the Option key and click the AirPort icon in the menu bar. The menu that pops up shows extra information about your connection, with the router address clearly displayed. Take that number and plug it in to your browser to begin the login process.

If you instead use a wired Ethernet connection to get your Mac online, finding the address takes a few more steps, but it is still relatively easy. Follow this quick checklist:

  1. Click on the Apple menu, available in the upper left-hand corner of your screen
  2. Select “System Preferences”
  3. Now click on “Network,” being sure to select the active connection that you use to browse the Internet
  4. On the resulting pane, click the “Advanced” button
  5. Now select the “TCP/IP” tab, and you will be able to see the IP for your router.
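
The same router address can be read from the Terminal on a Mac. The script below is an added example, not part of the original show notes: it parses the output of `route -n get default`, checks that the gateway is in a private address range (a heuristic for "this is a home router"), and prints the address to type into the browser. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the router (default gateway) address from the macOS
# command line instead of the System Preferences panes.

# Extract the "gateway:" field from `route -n get default` output on stdin.
parse_gateway() {
    awk '$1 == "gateway:" { print $2; exit }'
}

# Classify an IPv4 address: "private" (the RFC 1918 ranges home routers use),
# "other" for any other valid IPv4 address, or "invalid".
classify_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { print "invalid"; exit }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) { print "invalid"; exit }
            if ($1 == 10 || ($1 == 192 && $2 == 168) ||
                ($1 == 172 && $2 >= 16 && $2 <= 31)) print "private"
            else print "other"
        }'
}

# Print the admin-page URL for the gateway read from stdin, or explain
# on stderr why no URL is offered and return non-zero.
router_url() {
    gw=$(parse_gateway)
    case $(classify_ipv4 "$gw") in
        private) echo "http://$gw/" ;;
        other)   echo "gateway $gw is not in a private range; it may not be a home router" >&2
                 return 1 ;;
        *)       echo "no IPv4 default gateway found" >&2
                 return 1 ;;
    esac
}

# Constructed sample of `route -n get default` output (not a real capture).
SAMPLE='   route to: default
destination: default
       mask: default
    gateway: 192.168.1.1
  interface: en0'

# On a Mac, query the live routing table; elsewhere, use the sample.
if [ "$(uname)" = "Darwin" ]; then
    route -n get default | router_url || true
else
    printf '%s\n' "$SAMPLE" | router_url
fi
```
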

If you’re on iOS and want to check on things with your router from a mobile device or an iPad, tap Settings, then tap Wi-Fi. Select the info button (a small circle containing a lowercase “i”) next to the network you’re connected to, and the next page of information will provide the IP address.

Once you’ve logged in, you should be able to apply any updates, if available. Most modern routers will display an alert when their firmware is out of date or when you can download an update. A word of warning, though: upgrading firmware can be tricky, and if you don’t do things properly, it can “brick” your device, rendering it completely useless. That means that if you do choose to update it yourself, you should carefully follow the procedure and steps given to you by the update wizard. When in doubt, consult with the manufacturer or your ISP for further details.

What if you don’t see any available updates on the router page, or you discover your last firmware update was a long time ago? Again, check with the manufacturer to ensure that support for your model is still ongoing. You can also google the firmware version number along with your router model to determine when it was released. If it’s only six months (to a year at most) old, then you’re likely still supported and in good hands. If it was several years ago, it might be time to think about upgrading to a newer, more secure model.

While you’re logged in to the router, consider changing the username and password, especially if you never have. Leaving the default combo in place not only means that it’s very easy for someone to log in to your modem/router page if they can connect to the network, but it could leave you vulnerable if you suffer a malware infection. Use a strong password just as you would for a website. While we don’t necessarily recommend writing passwords down, storing a hard copy of your modem password in a safe place at home can help you in case you forget and need to get back in six months from now.

Basic tips for choosing routers

So, if you do decide that you need a new router, what sort of things should you consider? As we mentioned, if you depend on your ISP for your modem/router, you won’t have much choice regarding the actual model supplied. However, if you’re concerned that your current router is too old and out of date to be still secure, call your ISP and let them know about your concerns. Do note that you may be required to pay for the new router, but it will ensure that you have the necessary protection to guard against modern threats.

If you go out to the store or start shopping online, make sure the one you pick up is a recent model, typically produced within the last year or two. In other words, don’t head over to eBay to grab a steal of a deal on a router from 2011 — you won’t have a good time with one of those. The more recent a model is, the more likely there will be patches and firmware updates that keep you safe from the newest problems. There are other reasons to avoid older routers, too, even if they are bargains: many of them don’t even support the latest Wi-Fi security standards.

Remember WEP? It was the gold standard in the early days of Wi-Fi, but now it’s completely broken; anyone with the right software and a bit of time can crack a WEP key and break into your wireless network. Similarly, the original WPA-PSK standard is now deprecated too. For the maximum safety, you want a router compatible with WPA2. There are several types of WPA2, including one based on the AES encryption standard, but as long as you choose a recent version, you will still be safe.

After purchasing your new router, log in to its settings pages and turn off any unnecessary services. Close down open ports that don’t need to be accessible to the open Internet; you can check these settings on the router’s firewall configuration page. Right out of the box, you probably won’t have too much to close down, but check anyway to ensure nothing is insecure by default. While you’re here, make sure that none of your computers are in the router’s “DMZ” — this is a mode that places devices entirely outside the router’s firewall protections. While it can be useful for troubleshooting connection problems, it exposes your machine to all kinds of potentially malicious traffic on the web.

What about the situation we described earlier in homes that rely on range extenders to improve Wi-Fi reception at home? If you want to set up a mesh network or boost your signal to enjoy better connections, make sure to look for signs of compatibility between your router and these extenders. This is often easy to spot on the box or the product info page when you shop for these products. There’s nothing worse than wrangling with a system that won’t cooperate due to weird compatibility problems, so do your homework in advance.

Some routers in this class have the capability of operating in “bridge mode,” which makes the extender act as though it were a digital extension of the main router. In other words, there’s no visible difference between your primary network and the extension when you use a bridge. At other times, this functionality isn’t available. You’ll connect the extender to the main router, but you’ll then have to connect to a secondary Wi-Fi network to hop on the boosted signal. This will largely depend on the layout of your home and the type of product you buy, but some experimentation can yield the best coverage.

Whenever possible, shop for and purchase the most recent models you can find. This not only ensures a more extended period of active support from the manufacturer but can assure you’ve got the latest updates out of the box — or as near to them as possible. With that in mind, and with an understanding of how to keep your router secure over time, you can browse the web with ease and in peace.

That wraps up today’s edition of The Checklist — we hope you’ve learned a little something about this humble hardware that keeps us all connected all the time. We also hope this will inspire you to take a closer look at the hardware in your life you might take for granted and to consider the potential security implications. For now, be sure to change your default password at least and check your firmware version!
