Digital Subscriber Line (DSL) routers have become an essential part of home networks as they provide the gateway to broadband Internet. This gateway function also makes these devices important from a security standpoint. As the frontline of increasingly sensitive home networks, DSL routers become the subject ofan important question. Are they secure enough or can DSL manufacturers make changes toimprove the security of all home networks ?
Niemietz and Schwenk conducted a study on the security of home network routers. The researchers chose routers from ten different manufacturers, based on Amazon’s top ten most popular list, to study the security vulnerabilities of these inexpensive products.
To analyze the security of the routers, the researchers began the study by launching a number of different attacks at the router’s Web interface. The goal of each attack is to gain full control of the router and the user’s network. Once full control is gained, the attacker can change critical settings, make the network unavailable for a specific time and use the access to build botnets.
They used the techniques of Cross-Site Scripting, Cross Site Request Forgery and User Interface redressing to manipulate the victim to click on a malicious link or unknowingly share their user and password information.
In the process of analyzing the vulnerabilities of home routers, this study found that:
By proving that cheap routers can be easily hacked, the researchers were able to produce a list of simple countermeasures for manufacturers to use in enhancing the security of their product.
The implications of this study are not limited to DSL routers as many other devices share the web interface internet connectivity feature and possible vulnerabilities such as: network switches, smart TV systems, network-attached storage devices, etc.
This study gives a representative overview of the security of current home router Web interfaces, and the possibilities to gain full access through Web-based attacks. The flaws of these systems put home networks at risk. The countermeasures listed are well known; therefore this study is a necessary security evaluation for manufacturers and purchasers of DSL routers.
Home DSL Router security is poor and can be greatly improved by small changes made by manufacturers.