Things used to be a lot simpler.
When consumer internet first became mainstream in the late nineties, homes rarely had more than one device that connected online. This was just as well, because in the dial-up age our internet connection used the same analogue frequencies as our phone lines, so even one connected computer usually meant that nobody in the house could make a phone call. Diplomatic ties between family members were strained to say the least.
As broadband technology and home computing developed, the modern WiFi router came along to help spread web access to all computers, and eventually to phones and tablets in the house as well. Things show no indication of slowing down, and the average home router is now a gateway into a network of all kinds of connected devices. And just like with many emerging technologies, security has often been an afterthought, at best.
There are many reasons why most home routers are unsecure, and these problems kind of stack on top of each other. One key issue is one that plagues all the most popular routers, including models that top Amazon lists or ones that are issued by ISPs. Criminals put a lot of effort in researching for security vulnerabilities in them, as there will be a higher pool of possible victims. Routers like this are also often made cost-efficiently, at least when it comes to their security.
The real Achilles heel of traditional routers, however, is the often antiquated firmware inside them. Firmware is the program inside the router that controls what the router hardware does. The average consumer has probably never even considered updating their firmware, and even if they had, the user interfaces on many routers seem more like cruel jokes than anything else. The standard for router usability has been so low for so long, we have almost accepted it as a fact of life.
Turning on automatic updates for an operating system has long been highly encouraged by the security industry. Unfortunately, many traditional routers don’t even have this functionality. An even worse kicker comes when a router reaches its end-of-life phase, meaning they are no longer supported by the manufacturer. This means that even if you were able to figure out how to update the router, the firmware patch might be years old and all but useless against vulnerabilities discovered since.
Traditional routers are unsecure partly because the technology they run was not invented for the hyperconnected world we live in today, where technology and threats associated with it evolve at lightning pace. Security tends to lag behind innovation, and this has been extremely apparent in the router industry. We created F-Secure SENSE so that users could embrace the connected world and all of its potential without worrying about the negative side effects. This is why we call it the “missing piece of your connected home”.
This is a guest post by F-Secure trainee Mari Mäkinen. The cyber security market is…
July 19, 2017
On a recent trip to the Finnish Archipelago, F-Secure security advisor Sean Sullivan scanned the…
July 13, 2017