attention to the damage that can be inflicted when malware is permitted to manipulate the software of a
router, rendering devices inoperable and allowing personal data and credentials to be stolen.
The recent TP-Link Router Zero-Day Bug is another example of the hardware- and software-based
methods by which hackers are accessing and manipulating routers. In March 2019, a zero-day bug
was uncovered in the TP-Link SR20 smart hub and home router. The bug would allow an attacker to
execute arbitrary commands on the device. This flaw would
allow attackers to remotely gain access to the device’s firmware and manipulate it, while also gaining
network access.
Another similar bug that happened within the last few months, called the Thrangrycat bug, was found in
the Cisco 1001-X series router. It allows hackers to gain root access to the router and, once inside,
disable the router’s vulnerable Trust Anchor. A Trust Anchor is meant to be a final layer of security
for devices, so any disruption to the Trust Anchor could cause an entire unit to be exposed and
manipulated. The Thrangrycat bug is believed to be a physical flaw, and thus cannot be remedied with a
simple software fix.
With new bugs and vulnerabilities being exposed on what seems like a weekly basis, it has become clear
that router security is among the biggest threats impacting the IoT today. The danger of such
attacks is particularly great for consumers or small businesses, and infrastructures that may not have
the technical knowledge or expertise to identify or understand the threat before it is too late.
This impact also extends beyond personal-use routers to routers used in hospitals, government
buildings, and other sensitive environments where the data to be manipulated could have a potentially
severe impact. And as smart home devices are increasingly installed in both homes and businesses, that
threat can move beyond accessing a password to a website or personal photos; it can also impact the
security of cameras or locks that allow hackers to gain physical access as well.
The entire IoT utilizes routers and is increasingly at risk due to newly developed malware and attacks
directed at penetrating the CPU of these devices.
In order to ensure that routers are protected at both the software and hardware level, as well as on the
network, it is imperative for new cybersecurity solutions to be implemented. It is not enough to protect
the memory and the firmware. Unfortunately, firmware comes with bugs and it must be regularly updated
to stay secure and working properly. Over-the-air (OTA) updates are equally problematic because the
OTA solutions are based on software agents in the ECU and cloud services that deploy the updated
images.
One consideration is a cloud-to-flash protection approach that blocks access to firmware, boot images
and critical code through a hardware root of trust in the flash memory, effectively securing connected
edge devices from persistent attacks like VPNFilter or bugs like TP-Link and Thrangrycat. By securing
the flash memory and installing cloud-to-flash protection into devices on the factory floor, routers and
other connected edge devices are protected throughout their entire lifecycle. This approach is also both
processor and operating system agnostic and requires virtually zero processing power or additional
energy.