Security penetration is a matter of finding the shortest or easiest way to get to the target, whether the goal is stealing information or gaining full system control. As there are many links in the chain of security, it makes sense to look for the most vulnerable one. However, as attackers target a specific link, researchers and developers implement security improvements, so the weakest link becomes strong, and the focus of both the attackers and the vendors who are fixing security holes in their products shifts elsewhere.
According to a Motherboard report, a field that is currently on the rise is that of internet routers, as Crowdfense announced yesterday that it has started buying exploitation tips that concern these network devices. The reason given by Andrea Zapparoli Manzoni, CEO of Crowdfense, is that hacking Android devices and iPhones has become so complicated and challenging that attackers have already started looking elsewhere. As he stated: “The security of browsers and both iOS and Android is increasing substantially. We are trying to target a broader attack surface, and the reason is that the attack surface of the typical products that we used to exploit is substantially reduced. It’s more difficult for us to find actionable, new vulnerabilities.”
That doesn’t mean that Crowdfense or other similar companies have given up hunting smartphone vulnerabilities. It’s just that it has become so hard that it isn’t feasible anymore, and this is reflected in the compensation that they offer to tipsters. Crowdfense is currently offering $3 million to anyone who can hack an iPhone or Android system through a zero-day exploit. Zerodium will buy tips for successful remote attacks on iPhones for up to $2 million! While the $100k bounty of Crowdfense and the $10k of Zerodium for router exploits seem pale in comparison, demand for router exploits is definitely growing right now, and routers can potentially hold very handy vulnerabilities.
Zapparoli said: “When you cannot get to a target through his Android phone or iPhone, maybe you can still achieve some results by targeting the router. This might be a home router to monitor an individual target, or perhaps an enterprise level router more useful for monitoring an organization’s traffic.” Zerodium’s Chaouki Bekrar has also confirmed that, since the company expanded its bounty program to include routers, it has been regularly receiving zero-day exploits for every major router out there. Here’s his tweet from last May:
Since @Zerodium has added routers to its bounty program, we have received at least one pre-auth RCE #0day exploit for every major router. We all know that the security of routers and IoT devices is completely fucked up but it's still scary to see how deeply fucked they are.
— Chaouki Bekrar (@cBekrar) May 7, 2018
To keep your router safe, make sure that you have activated its network filters and firewall and that you apply all firmware updates when they become available. Other than that, you can disable SSID broadcasting and deactivate WPS. Using a product from a reliable vendor who maintains an active security team is also an excellent choice when trying to stay safe.