When was the last time you patched your Internet router? Probably never. That is what the CIA is counting on. As well as foreign governments and just plain hackers.
But when it comes to the CIA, they are probably not interested in you. That may not be the case when it comes to the other categories of folks mentioned above. Hackers want valuables; foreign governments may want your intellectual property.
In this case Wikileaks continued its steady flow of stolen CIA documents called Vault 7. The documents talk about vulnerabilities in certain brands of routers and and WiFi access points.
Apparently the CIA likes hacking routers because it is highly unlikely that you would detect it since there are no indications that it has been compromised. After all, other than a couple of blinking lights, most routers have no user interface at all.
According to the leak, the CIA tool is called Claymore and it figures out what model router you have and then runs a suite of attacks against it – tailored to that router. If it succeeds, it now owns your router and can make it do whatever they want.
For example, once the CIA hacks the router it can install its own software which might route all of your traffic through one of their monitoring points. If they are replacing the software in the router, they could do anything they want.
I hear you – I don’t have anything the CIA wants.
That could be true. Likely it is.
But do you have anything that an average-bear hacker might be interested in? Does your business?
While the CIA folks are sharp, this attack ain’t rocket science. In fact it is sort of junior high. The particular tools that they are using might be sophisticated, but the are leveraging the fact that most people do not patch their routers. Ever!
So what should you do?
- Change the default password. PLEASE! That is the first thing that hackers are going to try and do.
- Find out how to upgrade your router and do that monthly, if not more often.
- Better yet, pick a router that automatically looks for and installs its patches. Then you don’t have to deal with it.
While this is not going to stop everyone, at least the hacker will have to be out of elementary school to break in.
Information for this post came from Wired.