Router guest networks lack adequate security, experts say
While many organizations and home networks use a host and guest network on the same router hardware to increase security, a new study by Ben-Gurion University indicates that routers from well-known manufacturers are vulnerable to cross-router data leaks through a malicious attack on one of the two separated networks.
According to Adar Ovadya, a master’s student in BGU’s Department of Software and Information Systems Engineering, “all of the routers we surveyed regardless of brand or price point were vulnerable to at least some cross-network communication once we used specially crafted network packets. A hardware-based solution seems to be the safest approach to guaranteeing isolation between secure and non-secure network devices.”
The BGU research was presented at the 13th USENIX Workshop on Offensive Technologies (WOOT) in Santa Clara this week.
Most routers sold today offer consumers two or more network options — one for the family, which may connect all the sensitive smart home and IoT devices and computers, and the other for visitors or less sensitive data.
In an organization, data traffic sent may include mission-critical business documents, control data for industrial systems, or private medical information. Less sensitive data may include multimedia streams or environmental sensor readings. Network separation and network isolation are important components of the security policy of many organizations if not mandated as standard practice, for example, in hospitals. The goal of these policies is to prevent network intrusions and information leakage by separating sensitive network segments from other segments of the organizational network, and indeed from the general internet.
In the paper, the researchers demonstrated the existence of different levels of cross-router covert channels which can be combined and exploited to either control a malicious implant, or to exfiltrate or steal the data. In some instances, these can be patched as a simple software bug, but more pervasive covert cross-channel communication is impossible to prevent, unless the data streams are separated on different hardware.
The USENIX Workshop on Offensive Technologies (WOOT) aims to present a broad picture of offense and its contributions, bringing together researchers and practitioners in all areas of computer security. WOOT provides a forum for high-quality, peer-reviewed work discussing tools and techniques for attack.
All vulnerabilities were previously disclosed to the manufacturers. This research was supported by Israel Science Foundation grants 702/16 and 703/16. Adar Ovadya is co-supervised by Dr. Yossi Oren, a senior lecturer in BGU’s Department of Software and Information Systems Engineering and head of the Implementation Security and Side-Channel Attacks Lab at Cyber@BGU, and Dr. Niv Gilboa, from BGU’s Department of Communication Systems Engineering. Also contributing to the research were BGU graduate student Rom Ogen and undergraduate student Yakov Mallah.
American Associates, Ben-Gurion University of the Negev. “Router guest networks lack adequate security, experts say.” ScienceDaily. ScienceDaily, 15 August 2019. <www.sciencedaily.com/releases/2019/08/190815081258.htm>.
Microtechs 24x7x365 White label support services
Based in Surrey, Microtechs are an established and experienced end user support centre. Our Help desk and NOC experts can monitor your servers and support queue (email, RMM & phone) 24×7 or just as overflow. The Microtechs White Label support service offers a cost effective, 24×7 support option perfect for providers with an expanding customer base.
You may ask yourself:
- How can I offer support 24/7 without the stress & cost of recruiting and training?
- How can I free up my team’s time, to enable us to grow the business?
- How can I improve my bottom line?
Microtechs can help.
- Office hours or 24/7
- UK based from Guildford, Surrey
- 1st & 2nd line / NOC and incident management capabilities
- Ability to learn bespoke applications
- All white labelled to your brand
- 25-50% reduction in overheads
- Pricing from £500 per month
- Sole traders through to enterprise companies supported
Here’s what our customers have said;
“Using Microtechs to extend the helpdesk capabilities for our organisation has been a very worthwhile venture for us. The transition was very easy and simple, and we have found the Microtechs staff to be both knowledgeable and professional; in their dealings with our clients.”
“My customers receive a polite service and their issues are dealt with quickly and professionally. In short Microtechs provide a courteous, effective and cost-efficient service that enables me to offer my customers 24/7 support without the associated expense.”
It would be great to have a chat with you and understand a little about your business, even if you are not quite ready to outsource.
Live chat us now or call 01483 407417