In 2019, NanoLock met with Buffalo’s R&D team to demonstrate the hack on their router, exposing how hackers use web admin to downgrade the router from the secured version (V 2.46) to V 2.34 and then use telnet access to hack the firmware. This hack is particularly volatile, as the V 2.46 contains a security patch that is supposed to address the vulnerabilities present in V 2.34.
Millions of units of this specific Buffalo router are on the market today, and the vulnerability exposed by NanoLock—and its severe consequences—also applies to millions of other routers. This vulnerability leaves millions of homes and businesses exposed to criminals who could access personal information, send users to fake websites, upload malware, or even compromise networks to attack other networks. In fact, the FBI has issued an official warning about foreign hackers using the VPNFilter malware to exploit connected devices, steal information, block network communications, and, ultimately, render routers inoperable. Unfortunately, the FBI also affirmed that this malware—and others similar to it—is difficult to detect and deflect.
Foiling Hackers with Flash-to-Cloud Protection
NanoLock demonstrated how the identified vulnerability in the Buffalo router can be secured by implementing the NanoLock flash-to-cloud cybersecurity solution.
- Hackers are blocked when they attempt to use web admin to downgrade the Buffalo router from the secured V 2.46 to V 2.34; an alert is also sent to the dashboard.
- Even if the hacker were to successfully downgrade to V 2.34 using the dashboard, the embedded flash protection would continue to safeguard the Buffalo router from further attempts to inject malicious code; an alert would also be sent to the dashboard for each attempt.
Breaking the Vicious Cycle
This flash-to-cloud concept ensures that all persistent changes to the device’s flash (i.e., its non-volatile memory) must be signed and authorized by a trusted server or management platform that is managed by the service provider, thus preventing hackers from gaining persistent access to the router.
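The write-gating idea described above can be sketched as follows. This is an added example, not NanoLock's or Buffalo's code: the `FlashGate` class, the `authorize` helper, the demo key, the image bytes and the `vNEXT` version label are all hypothetical, and HMAC-SHA256 stands in for the server's signature (a real design would use an asymmetric signature so the device holds no signing key).

```python
import hashlib
import hmac

# Constructed demo key; stands in for the trusted server's signing material.
SERVER_KEY = b"constructed-demo-key"


def authorize(key, version, image):
    """Server side: issue a tag that binds a version label to one exact image."""
    msg = version.encode() + b"|" + hashlib.sha256(image).digest()
    return hmac.new(key, msg, hashlib.sha256).digest()


class FlashGate:
    """Device side: the only path by which flash contents can change."""

    def __init__(self, key, version, image):
        self.key = key
        self.version = version
        self.image = image
        self.alerts = []  # stands in for alerts sent to the dashboard

    def write(self, version, image, tag=None):
        expected = authorize(self.key, version, image)
        if tag is None or not hmac.compare_digest(tag, expected):
            # Refuse the write, keep the current image, record the attempt.
            self.alerts.append(
                f"blocked unauthorized write: {self.version} -> {version}")
            return False
        self.version, self.image = version, image
        return True


def demo():
    gate = FlashGate(SERVER_KEY, "2.46", b"constructed image 2.46")
    results = []
    # 1. Downgrade pushed through local web admin, no server authorization.
    results.append(gate.write("2.34", b"constructed image 2.34"))
    # 2. A valid tag replayed with a modified image: the digest no longer matches.
    ota = b"constructed image vNEXT"
    tag = authorize(SERVER_KEY, "vNEXT", ota)
    results.append(gate.write("vNEXT", ota + b" + implant", tag))
    # 3. The server-authorized update itself is accepted.
    results.append(gate.write("vNEXT", ota, tag))
    return results, gate.version, gate.alerts


if __name__ == "__main__":
    print(demo())
```
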
It is not enough to simply identify and remedy a specific vulnerability, as this will rarely solve the core problem, and there will inevitably be other security breaches in the future; rather, to fully protect routers from would-be hackers and escape the vicious cycle of ‘hack-and-patch,’ manufacturers must outfit their routers to block unauthorized persistency, thus preventing persistent hijacking and enabling their customers to detect attempted attacks and recover with a simple reset.
Safeguarding Routers with Protection, Cost Savings, Compliance, and Control
- Unique, passive prevention
- Real-time detection and notification of attempted attacks
- Reliable status alerts
- Validated OTA updates
- Collection of forensic data
- Processor- and operating-system-agnostic
- Compliance with regulation requirements
- Visibility of installed bases
To fortify their connected devices to reliably block outsider, insider, and supply chain attacks (even when other measures fail), manufacturers must take a different approach to cybersecurity, focusing on ways to address security vulnerabilities before they are exposed to ensure that their growing networks of routers will remain resilient in the face of attempted hacks.
Source: NanoLock Security