3 min read

Virtual Patching Home Routers Before before Manufacturers Is the Way Forward

Silviu STAHIE

July 16, 2021

Virtual Patching Home Routers Before before Manufacturers Is the Way Forward

Home routers are among the most overlooked pieces of hardware in modern homes. People don't really put much effort into choosing a good one, changing them when they reach end-of-life, or keeping them up to date. It turns out that securing these devices without their manufacturers' intervention is now possible, making them a lot more reliable.

According to Bitdefender telemetry, routers are the fourth-most-vulnerable device in smart homes. That alone should be enough to always think of them when securing our networks. Unfortunately, routers are rarely taken into consideration, which helps explain why they are among the most vulnerable.

In an ideal situation, users know what smart devices they have in their homes, regularly check if the manufacturers have issued new security patches, and make sure to quickly replace it if some device reaches end-of-life. The reality is almost the opposite of this scenario.

Ignoring our most prized security measure

An audit of our smart devices would quickly reach an obvious conclusion. Routers are the gateways to our private life and the guardians of our homes. It would be foolish to ignore their role, yet this is exactly what's happening.

People buy a router, plug it in, and forget about it for years on end. Never mind that the manufacturer abandoned the device a couple of years after release or that security patches await an installation that never happens. In most cases, new users won't even change the default login credentials. The reality is that routers are mostly ignored, despite the critical role they provide.

On the other side of the equation sit the routers manufacturers. While we can imagine why consumers are not quick to keep their devices up to date or why they don't pay as much attention as they should, the same reasons don't apply to manufacturers.

A study revealed that many router manufacturers don't actually support the devices they sell. In some cases, they didn't release even a single patch during the lifetime of a device -- even if researchers have reported vulnerabilities.

Fine, we'll do it ourselves

Since most routers run some proprietary OS and the code is not available, other companies can't issue security patches. This is where Bitdefender comes in, with a new technology named Live Virtual Patching that allows users to protect their devices even if the manufacturer hasn't issued security updates or if the consumers haven’t installed them.

Security researchers determined that most attacks use command injection, local file inclusion or directory traversal exploits to cause overflows and gain persistent privileges. Which means that, if Live Virtual Patching can cover these problems, most security issue would be dealt with. To be clear, this isn't meant to replace official patching, only to provide extra protection when patches are not available.

The technology checks for commands on the router against CVEs in the Bitdefender Global Protection Network to determine what vulnerabilities attackers could use against it, then blocks these types of commands.

Live Virtual Patching is part of Bitdefender Router Protection, a new IoT security platform available for Internet Service Providers (ISP). This is a two-way street, which means that it's up to ISPs to implement this technology in the routers they offer to consumers, and it's up to consumers to look for ISPs that implement Bitdefender Router Protection in their routers.

The security problem in the IoT ecosystem is not going to disappear anytime soon. Based on this technology niche's growth projection, the issues are likely to grow as well. It's past time we wait for manufacturers to secure their devices and take matters into our hands.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

FTC Says Companies Operating Health Apps and Connected Devices Must Inform Users of Data Breaches FTC Says Companies Operating Health Apps and Connected Devices Must Inform Users of Data Breaches
Silviu STAHIE

September 17, 2021

1 min read
Owner of DDoS-as-a-service Websites Found Guilty, Faces up to 35 Years in Prison Owner of DDoS-as-a-service Websites Found Guilty, Faces up to 35 Years in Prison
Silviu STAHIE

September 17, 2021

1 min read
Do Mobile Security Solutions Really Work or Are They a Scam? Do Mobile Security Solutions Really Work or Are They a Scam?
Filip TRUȚĂ

September 17, 2021

2 min read