Hacks to Consumer-Grade Routers Expose Passwords, Hard Drive Contents

Recent reports of hacks into consumer-grade routers have surprised some security experts, at the same time alarming users who discover their hard drive contents are available openly on the internet.  This not only points to specific security issues with the devices themselves, but it also serves as a cautionary tale for businesses using consumer-grade components on their networks. 

More than 300,000 wireless routers may have been compromised in a specific attack reported by ARS Technica (http://arstechnica.com/security/2014/03/hackers-hijack-300000-plus-wireless-routers-make-malicious-changes/).  This attack comes weeks after a self-replicating malware ‘worm’ (named “The Moon”) was detected that affected certain Linksys routers (http://arstechnica.com/security/2014/02/bizarre-attack-infects-linksys-routers-with-self-replicating-malware/) and a similar exploitation of Asus routers (http://arstechnica.com/security/2014/02/dear-asus-router-user-youve-been-pwned-thanks-to-easily-exploited-flaw/).

Potential sources of data security issues are introduced as more ‘connected’ devices our added to our networks, including home networks.  While this points to the need for greater vigilance on the part of manufacturers and home users, it also points to the need for businesses to expand their field-of-view on data security.

Business laptops connected to home networks could suffer the vulnerability of the weakest link, which may now be the employee/contractor’s wireless router.  As the ‘internet-of-things’ expands, and more pathways into a home network are opened, expect the bad guys to seek every possible avenue for exploitation.

It is difficult to make the case for utilizing low-cost, consumer hardware in a business setting.  The entry point for the more secure, commercial-grade hardware is about $150.  The emerging risk profile of the low-cost, consumer gear makes it wholly unsuitable for business at any price.