Hackers Prey on the Vulnerable

Risks to the security of Internet-of-Things devices will persist as long as consumers and manufacturers ignore baseline defenses. There are numerous reports in the media about smart gadgets falling under control of cybercriminals who use them to build an infrastructure that serves their purposes.

Because of their ubiquity, home routers are a common target of hackers, as are digital surveillance equipment (IP cameras, DVRs, NVRs) and network-attached storage (NAS) systems. Hackers can try multiple methods to hijack a device available online. Here’s a list of the most common ones, which have made some waves in the media and the security industry:

* Default login credentials

– Many users leave their connected devices set to factory defaults. The infamous Mirai botnet capitalized on this mistake to build its DDoS cannon of hundreds of thousands of smart devices.

– Accessing and managing a system remotely is possible via a telnet connection. Although it is considered unsafe because of the lack of data encryption, it is often enabled from the factory. The Hide and Seek botnet propagates to other gadgets via this service.

– An SSH (Secure Shell) connection achieves the same goal as telnet, but all data flows through an encrypted tunnel.

* Exploiting publicly known vulnerabilities

– Cybercriminals have diversified their attacks against IoT products and hijack them using exploits for known vulnerabilities. A streamlined firmware update process is far from an IoT strength, so many devices run vulnerable software. The Satori and Reaper botnets profited from this to compromise tens of thousands of gadgets.

* Management protocols

– Some management services, like UPnP, have been abused to strengthen a botnet, while others (SNMP, HNAP, SSDP, CWMP) are known for exposing the network.

* Backdoor accounts

– Some devices may have hidden accounts with hardcoded credentials, accessible via telnet or SSH; as soon as the word is out, the details can be used to infect those systems.

Mitigating these risks does not require an expert. You can set up effective defenses against most types of attacks, and there isn’t much to it:

– set your own username and password for web interface access

– disable any service that gives access to the device from the web (telnet, SSH)

– do not expose the UPnP service online, and, unless absolutely necessary, turn it off for the local network, too.

– keep your devices updated with the latest firmware version from the vendor
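
One way to see whether the services named in this list are switched on, as an added example that is not part of the original article: a short Python check you run from a computer on your own home network against your own router. The function names and the fallback address 192.168.1.1 are assumptions of this example.

```python
"""Check your own router, from inside your LAN, for telnet, SSH and UPnP."""
import socket
import sys

# Well-known TCP ports of the remote-access services named in the article.
TCP_SERVICES = {"telnet": 23, "ssh": 22}
SSDP_PORT = 1900  # UPnP discovery (SSDP) runs over UDP


def tcp_open(host, port, timeout=2.0):
    """True if the router accepts a TCP connection on this port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out or unreachable
        return False


def upnp_answers(host, timeout=2.0):
    """True if the router replies to a unicast SSDP discovery request.

    Some devices only answer multicast discovery, so silence here is a
    hint, not proof, that UPnP is off.
    """
    request = (
        "M-SEARCH * HTTP/1.1\r\n"
        f"HOST: {host}:{SSDP_PORT}\r\n"
        'MAN: "ssdp:discover"\r\n'
        "ST: upnp:rootdevice\r\n\r\n"
    ).encode("ascii")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(request, (host, SSDP_PORT))
            data, _ = sock.recvfrom(2048)
        except OSError:  # no reply within the timeout, or send failed
            return False
    return data.startswith(b"HTTP/1.1 200")


def audit(host, tcp_probe=tcp_open, upnp_probe=upnp_answers):
    """Return (service, advice) pairs for every service found enabled."""
    findings = []
    for name, port in TCP_SERVICES.items():
        if tcp_probe(host, port):
            findings.append((name, f"{name} is listening on port {port}: disable it"))
    if upnp_probe(host):
        findings.append(("upnp", "UPnP answers discovery: turn it off unless needed"))
    return findings


if __name__ == "__main__":
    # 192.168.1.1 is only a common default; pass your router's real address.
    router = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    results = audit(router)
    for _, advice in results:
        print(advice)
    if not results:
        print("telnet, SSH and UPnP did not respond on", router)
```

This shows what is enabled on the local-network side of the router; whether a service is reachable from the internet has to be checked from outside your network.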

55 comments

  • By David - Reply

    When will Bitdefender BOX become available in the EU?

    • By Bogdan Botezatu - Reply

      Hello, David.

      The Bitdefender BOX is already available in the EU. To learn more about it, please visit https://bitdefender.com/box/

  • By R M Goodrum - Reply

    As an 81-year-old computer illiterate, I can honestly say I never understood a word of your text, but thanks anyway.

  • By Ian McLeod - Reply

    Really good article.. I just shared it online.. Thanks for raising awareness. Thanks…

  • By Aktham Sharif - Reply

    Is Bitdefender BOX available in the EU? I have Bitdefender antivirus on my laptop.

  • By Cliff - Reply

    This information would be far more useful if it gave instructions or guidance about how to do the things recommended. It would also help if the speaker would speak more clearly and pronounce the word “router” correctly.

    • By Bogdan Botezatu - Reply

      Hello, Cliff.

      1. Disable Telnet
      2. Disable SSH
      3. Disable Remote management or access (depending on how your router calls it)
      4. Pick a good password for your Wi-Fi to prevent your neighbours from connecting to your network.

      This is easier than it may sound. Your router’s user manual documents how to turn these features on or off – these settings are exposed in different sections of the admin interface, depending on the router’s make and model. This interface is like a remote control – it does the same, but the button layout is different from TV to TV.

      Stay safe!

  • By Leslie Preston - Reply

    Why don’t you get a non-computer nerd to write this in plain English? You may then get some interest from customers! We don’t all have time to go to links and read reams of computer talk. I need to get behind the wheel and drive it every day, not keep getting under the bonnet!
    Best wishes
    les

    • By Bogdan Botezatu - Reply

      I’m sorry that you feel like that.

      What we described here is as simple as it gets: disable some things on your router to harden it against outside attacks. How to disable these features is explained in your router’s user manual. I like the car analogy, so I’ll use this further. Think of your router like a car. It has a control panel – the car’s dashboard buttons. Every car you drive has a different layout for these buttons (the router’s functions). What we told you here is to locate some features on your dashboard and turn them off. It’s not about getting under the bonnet, it’s about locating the hazard lights on your dashboard and pressing the button to turn them on or off.

      Hope this helps. Stay safe!

  • By Nicholas Nutt - Reply

    This seems a very useful and important video – but please could you give clear, easy details about how to do the first three recommendations given above. It is very trendy to give a U-Tube presentation, but words are often easier!!!

    • By Bogdan Botezatu - Reply

      Hello, Nicholas.

      We can tell you what features to turn off and what to change. How you do it though depends on your router make and model. They list these features in different sections and there is no way to show everybody how to do it at once. The best way to locate where they are is to refer to the router’s user manual. Once you locate the features, it’s a matter of checking the right boxes and pressing the “Submit” button.

  • By E Domaille - Reply

    I am just an average user with very little computer knowledge and little interest in obtaining such. My interests lie solely with being able to safely deal with my finances and several other private interests.

    It would appear that the only way forward to be safe is to purchase Total Security (with VPN premium), Antivirus Plus and Internet Security that at full price would be £195 per annum plus a one off price for a Defender Box of between £84 and £185 plus US tax.

    I cannot even begin to understand SSH, IoT, UPnP, SNMP, HNAP, SSDP, CWMP, etc. It appears that there are so many ways my computer can be accessed outside of my control that I either have to pay a small fortune to experts such as Bitdefender to prevent that happening or give up using a computer altogether. I am seriously considering the latter.

    Being an octogenarian, I am sorry if this sounds so cynical. I appreciate your company is doing all it can to prevent those out to exploit others, but at the end of the day, at what cost to the user? That was never the intention of Robert Kahn and Vint Cerf.

    • By Bogdan Botezatu - Reply

      Hello,

      I’m going to re-write what I told the other commenters on this blog post: you don’t necessarily have to understand what these protocols are, or how they work. That is why we’re here. This is why we have provided a couple of action items that can be easily implemented:

      1. Disable Telnet
      2. Disable SSH
      3. Disable Remote management or access (depending on how your router calls it)
      4. Pick a good password for your Wi-Fi to prevent your neighbours from connecting to your network.

      This is easier than it may sound. Your router’s user manual documents how to turn these features on or off and it’s not any more complicated than, say, running a TV station search on your television set.

      Stay safe!

  • By John Anderson - Reply

    Written by a geek for geeks. Not one word, expression or abbreviation is hardly decipherable by the average user. If you want to help, write in simpler terms. I got nothing from this. We should not have to jump all over the place to find definitions.

    • By Bogdan Botezatu - Reply

      Hello, John.

      Networking is a terribly complex thing, I’ll give you that. But you don’t have to understand how these things work to stay safe. This is what we’re here for. We provided a checklist of things to do in order to secure the router:

      1. Disable Telnet
      2. Disable SSH
      3. Disable Remote management or access (depending on how your router calls it)
      4. Pick a good password for your Wi-Fi to prevent your neighbours from connecting to your network.

      Just by turning these services off, you are improving your security posture A LOT, and it’s easy to do it: enabling or disabling these features is a process very well documented in your router’s user manual.

      Thanks for the feedback – stay safe!
      Bogdan.

  • By claudel masse - Reply

    Unable SSH Telnet but how and where…..

    • By Bogdan Botezatu - Reply

      If you cannot find SSH and Telnet among the options, then there is no need to worry. They have not been enabled on your router make and model and you are safe.

  • By jane kotsanos - Reply

    I guess this is great information, but you gave me no information as to how to actually set my router to follow your suggested protocols… so it was not useful…
    thanks
    jane kotsanos

    • By Bogdan Botezatu - Reply

      Hi there, Jane.

      Each router make and model has a different administration interface and it is nearly impossible to cover them all in one video. But starting from this simple checklist (disable Telnet, SSH, UPnP and remote management, as well as setting a strong password for your Wi-Fi network), users can refer to their router’s user manual and perform these changes in a couple of clicks. It’s really not that complicated now that you know what to turn off.

  • By Edith Abate - Reply

    If I rent my router from a communications company can I still take all these precautions or change anything?
    How do I get into their software?

    • By Bogdan Botezatu - Reply

      Hi there,

      Communications companies usually do the setup and hardening before deploying the router in your home. They also lock down routers so users cannot change settings. If this is the case, you should be OK, no need to worry.

  • By Beverly Baehm - Reply

    You are talking WAY ABOVE the head of the average user. I didn’t understand any of this. The Video explained it better BUT my router doesn’t have any of the things you are talking about just 4 plugins.

    • By Bogdan Botezatu - Reply

      Hi there, Beverly.

      Your router has an administration interface. It is similar to a control panel where users can customize aspects like the Wi-Fi name, the access password and several other features (including what we mentioned in the video). Tweaking these settings is easier than it may sound. Your router’s user manual documents how to turn these features on or off and it’s not that complicated. Unfortunately, given the diversity of routers on the market, we can’t tell users where to find what, as we do not know what router models they have in their homes.

      Stay safe!

  • By joel price - Reply

    Need info in print form.

  • By Claudia - Reply

    You say at the end of the video to click the “click” button for more info. Where’s the link?? You talk about what to change in the router but not how to change it!

    • By Bogdan Botezatu - Reply

      Router interfaces vary from model to model, and this is mainly why we could not elaborate on HOW to change settings. Knowing WHAT settings to alter, users should refer to their own router’s user manual to locate the settings and adjust these accordingly.

  • By Louis Wade - Reply

    Most of the directions on your email are totally confusing to me. I guess this would help someone who is a computer geek or works in IT, but I don’t understand it at all.

    • By Bogdan Botezatu - Reply

      Hello, Louis.

      If you have a tech-savvy friend or family member, bring this up with them next time you meet. Tell them that you’d like to have your router checked for what we show in the video. They will be able to help and this will greatly improve your security posture. Thanks for watching the video – stay safe!

  • By Paul - Reply

    The video looks really helpful except that it doesn’t tell you where and how to find those various settings to change them or turn them off.

    • By Bogdan Botezatu - Reply

      Hello, Paul.

      Thanks for the feedback. There is a reason why we did not include this information in our video. There are literally thousands of router models in as many configurations. It would be impossible for us to maintain and update a comprehensive list of routers and configuration steps. We just wanted to raise awareness that these options exist and should be tuned accordingly for best security. With this information in mind, the user should either refer to the device’s user manual, ask for support from the vendor or call a tech-savvy family member or friend for help. Knowing about these threats is the most important thing – misconfiguration or bad security practices are still the number one reason routers get compromised. Awareness is key – it empowers users and gives them an opportunity to act.

  • By Pat - Reply

    It was helpful to receive this, but you should have explained how to disable Telnet, SSH, and UPnP; also, how to turn off remote access. And is remote access the same as remote management? My Netgear Router R6220 has many settings.

    I was able to find some of these terms by clicking on every single link and trying to figure out what I was looking at. I found UPnP and (I think) remote access–if it’s the same as remote management, that is. The first two–Telnet and SSH–remain a mystery.

    • By Bogdan Botezatu - Reply

      Hello, Pat!

      You are right, Remote Access and Remote Management are one and the same – they are called differently from vendor to vendor. If you don’t have an option for Telnet or SSH, you’re safe – this means that your make and model does not support these services and they are off by default. Thanks for watching the video and for taking the time to secure your router. Great job!

      Stay safe,
      Bogdan.

  • By Alan H F Smith - Reply

    How to carry out suggestions for users with minimal router knowledge. Such as Seniors or Beginners.

    • By Bogdan Botezatu - Reply

      Hello, Alan.

      This is a difficult question to answer. Each router make and model has a different administration interface and it is nearly impossible to cover them all. But starting from this simple checklist (disable Telnet, SSH, UPnP and remote management, as well as setting a strong password for your Wi-Fi network), users can refer to their router’s user manual and perform these changes in a couple of clicks. It’s really not that complicated now that you know what to turn off.

  • By John Simnett - Reply

    This is all very well and good but the average layman computer user would not understand a word of this!

    • By Bogdan Botezatu - Reply

      Hello, John!

      We understand that technology can be confusing for computer users not working in IT, hence the dog analogy. The message we wanted to send to customers (and not only) is simple: change your router’s admin credentials, disable Telnet, SSH and remote access, as well as UPnP, and pick a solid password for your wireless network. With these in mind, you can refer to your router’s user manual, where you get step-by-step instructions on how to perform these changes. We wish we could tell you exactly how to do it, but there are thousands of router models out there and we can’t include all these in a video tutorial. Not if we want to keep the video shorter than, well, a week.

      Hope this helps – stay safe!

  • By JP Dumergue - Reply

    Hello, Ionut ILASCU, (hope I got your name correct)

    the only problem with my router is that the operating system is locked down by Telstra and some of the settings are spoofed into thinking you changed them.
    The router would have to be one of the worst security breaches and they don’t care about placing them into possibly +60% of Australian businesses.
    Telstra DOT Business Netgear Router V7610

    for months I have had problems and searched the web forums and Tech People are still trying to penetrate to the settings we should freely be able to change.

    [Just bought a Netgear Nighthawk but haven’t learned how to set it with DD-WRT / or Tomato]

  • By Matthew McReynolds - Reply

    For greater router safety your video suggests that both Telnet and SSH be disabled. But shouldn’t the advice be to disable Telnet and enable SSH?

    • By Bogdan Botezatu - Reply

      Hello, Matthew.

      The answer is both yes and no. For regular users, SSH is hardly something that they would use. We decided to advise that both services be turned off – even if SSH is secure, it is so only when authentication is done properly (via public key or at least via a seriously good password). What if some vendor decides to hardcode SSH credentials for support purposes? In this case, if you don’t use it, you’d better turn it off.

  • By Hugh - Reply

    Can’t you please provide us a digital document to store and READ? I can’t store a web video very easily for repeated reference.

    • By Bogdan Botezatu - Reply

      Hello, Hugh!

      Here are the most important takeaways from the video:

      1. Disable Telnet
      2. Disable SSH
      3. Disable Remote management or access (depending on how your router calls it)
      4. Pick a good password for your Wi-Fi to prevent your neighbours from connecting to your network.

      Regarding how to act on this, you should refer to your router’s user manual. The features outlined above are well documented and you should have no issue identifying them.

  • By Geoff Probyn - Reply

    I have a Telstra modem/router that came with my Bigpond account and I have no idea how to access it, let alone make the changes you suggest.

  • By Aron Klipper - Reply

    Where and how can I buy a center box?

  • By sam Kumolu - Reply

    Good advice will like to see how I can follow up this caution.
    sam

  • By benrie - Reply

    You tried, but some of what you were saying went over my head. Got to make it simpler for people like me.

  • By Robert A Unsworth - Reply

    I have always understood that Bitdefender was so efficient that none of the risks you outlined could possibly occur. Is this not so?????
    If not, then you should provide step by step instructions on how to remove these risks.
    I would however be a very disappointed Bitdefender customer. I thought Bitdefender was totally inviolate !!!!!!!!

    • By Bogdan Botezatu - Reply

      Hello, Robert!

      Indeed, here at Bitdefender we understand security and have a flawless track record with that. But your house is also comprised of third party technologies such as Smart TVs, networking equipment or smart bulbs which cannot run a Bitdefender product. It’s these devices that we are trying to teach users how to secure so they can minimize their home’s attack surface. Routers are particularly tricky because they are always exposed to the internet and most vendors don’t really keep up with security fixes, let alone comply with the best security practices. This is why we developed Bitdefender BOX, the smart home security hub that doubles as a highly secure router, but we understand that not every person in the world has one. With this video, we want to raise awareness on several weaknesses that can be easily plugged by simply referring to your router’s user manual and checking some boxes in the interface.

      Thanks for your feedback – stay safe!

  • By Sonny Lassiter - Reply

    I’m just a user and the info above doesn’t help me any. My new router has protection features and I hope that is enough.

  • By Dale Knievel - Reply

    Your recommendations are good for people who understand the terminology and know how to accomplish those recommendations. This is why I have Bitdefender. I am an idiot when it comes to computers, the web and things dealing with the internet. My specialty for 42 years has been anesthesia. It is also an area where many people don’t understand. Why don’t you have in your Bitdefender program a path that looks at those areas you recommend and then guides one to accomplish what needs to be done?

  • By Don Chalmers - Reply

    Thank-you for the update on router safety, as I am not very good with anything concerning I.T..
    I will have to wait for a friend to help me out with your recommendations.

  • By Brian Volk - Reply

    Interesting but not unknown

  • By K. Routledge - Reply

    I agree with the above comments re. difficulty. We older dummies require step by step, simplified guidance……..

    • By Bogdan Botezatu - Reply

      Hi there,

      We know that sometimes technology seems overwhelming to people working outside the field. This video was created to raise awareness about possible weak spots in your router’s configuration. Now that you know where things might go wrong with your router, the rest is simple: you should refer to your router’s user manual that came with the device, log into the admin panel via browser and check or uncheck the boxes corresponding to the services mentioned in the video. Reboot the router and you’re set!

      Stay safe,
      Bogdan.
