3 min read

Virtual Patching Home Routers Before before Manufacturers Is the Way Forward

Silviu STAHIE

July 16, 2021

Virtual Patching Home Routers Before before Manufacturers Is the Way Forward

Home routers are among the most overlooked pieces of hardware in modern homes. People don't really put much effort into choosing a good one, changing them when they reach end-of-life, or keeping them up to date. It turns out that securing these devices without their manufacturers' intervention is now possible, making them a lot more reliable.

According to Bitdefender telemetry, routers are the fourth-most-vulnerable device in smart homes. That alone should be enough to always think of them when securing our networks. Unfortunately, routers are rarely taken into consideration, which helps explain why they are among the most vulnerable.

In an ideal situation, users know what smart devices they have in their homes, regularly check if the manufacturers have issued new security patches, and make sure to quickly replace it if some device reaches end-of-life. The reality is almost the opposite of this scenario.

Ignoring our most prized security measure

An audit of our smart devices would quickly reach an obvious conclusion. Routers are the gateways to our private life and the guardians of our homes. It would be foolish to ignore their role, yet this is exactly what's happening.

People buy a router, plug it in, and forget about it for years on end. Never mind that the manufacturer abandoned the device a couple of years after release or that security patches await an installation that never happens. In most cases, new users won't even change the default login credentials. The reality is that routers are mostly ignored, despite the critical role they provide.

On the other side of the equation sit the routers manufacturers. While we can imagine why consumers are not quick to keep their devices up to date or why they don't pay as much attention as they should, the same reasons don't apply to manufacturers.

A study revealed that many router manufacturers don't actually support the devices they sell. In some cases, they didn't release even a single patch during the lifetime of a device -- even if researchers have reported vulnerabilities.

Fine, we'll do it ourselves

Since most routers run some proprietary OS and the code is not available, other companies can't issue security patches. This is where Bitdefender comes in, with a new technology named Live Virtual Patching that allows users to protect their devices even if the manufacturer hasn't issued security updates or if the consumers haven’t installed them.

Security researchers determined that most attacks use command injection, local file inclusion or directory traversal exploits to cause overflows and gain persistent privileges. Which means that, if Live Virtual Patching can cover these problems, most security issue would be dealt with. To be clear, this isn't meant to replace official patching, only to provide extra protection when patches are not available.

The technology checks for commands on the router against CVEs in the Bitdefender Global Protection Network to determine what vulnerabilities attackers could use against it, then blocks these types of commands.

Live Virtual Patching is part of Bitdefender Router Protection, a new IoT security platform available for Internet Service Providers (ISP). This is a two-way street, which means that it's up to ISPs to implement this technology in the routers they offer to consumers, and it's up to consumers to look for ISPs that implement Bitdefender Router Protection in their routers.

The security problem in the IoT ecosystem is not going to disappear anytime soon. Based on this technology niche's growth projection, the issues are likely to grow as well. It's past time we wait for manufacturers to secure their devices and take matters into our hands.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read