Home routers and wi-fi access points are the canaries in the coal mine for security on the Internet of Things.
Simply put: they’re ubiquitous, Internet-connected and innocuous. Unlike mobile phones, wi-fi routers aren’t in your pocket – buzzing and ringing and demanding your attention. In fact, it’s safe to be that the vast majority of Internet users are concerned wouldn’t know how to connect- and log in to their router if they had to.
But appearances can deceive. Broadband routers are, indeed, mini computers that run a fully featured operating system and are perfectly capable of being attacked, compromised and manipulated. We have already seen examples of modern malware spreading between these devices.
In March, the security firm Team Cymru published a report (PDF) describing what it claimed was a compromise of 300,000 small office and home office (SOHO) wireless routers that was linked to cyber criminal campaigns targeting online banking customers.
In January, the Polish security website Niebezpiecznik.pl warned of a remotely exploitable hole in firmware run on home routers by TP-Link, a popular brand in Poland.
Despite those red flags, there’s been little progress in making home and small office routers and wifi access points more robust.
Now the Electronic Frontier Foundation is stepping in. As reported in The Guardian, EFF used last weekend’s Hackers on Planet Earth (HOPE) conference in New York City to launch a new project: The Open Wireless Router to develop a new platform that will allow individuals to secure their home Internet connection and securely share their connection with others – without becoming subject to government surveillance.
“The software aims to do several things that existing routers don’t do well—or don’t do at all,” the EFF wrote in a blog post.
First and foremost, the Open Router will mark a major security improvement over what is currently available. That will include what EFF describes as a “minimalist, secure, and elegant Web user interface to set up and configure the router” and “state of the art in consumer Wi-Fi router security” designed to thwart attacks against home routers – many of which target vulnerabilities in the web interface used to manage the devices. The Open Router will offer a secure software auto-update mechanism and other features designed to make targeted update attacks more difficult.
EFF is offering an early, “experimental hacker alpha release” version of the software that runs on Netgear’s WNDR3800 platform. It is looking for developers, security researchers and others to download and experiment with the software, then contribute to improving it.
Read more over at The Guardian’s web site, here Wanted: hackers to help the EFF make Wi-Fi routers more secure | Technology | theguardian.com.