Edith Cowan University Research Online

ECU Publications Post 2013

2017

Broadband router security: History, challenges and future implications

Patryk Szewczyk Edith Cowan University, [email protected]

Rose Macdonald Edith Cowan University

Follow this and additional works at: https://ro.ecu.edu.au/ecuworkspost2013

Part of the Information Security Commons

Recommended Citation Szewczyk, P., & Macdonald, R. (2017). Broadband router security: History, challenges and future implications. Retrieved from https://ro.ecu.edu.au/ecuworkspost2013/4990

Szewczyk, P., & Macdonald, R. (2017). Broadband Router Security: History, Challenges and Future Implications. Journal of Digital Forensics, Security and Law, 12(4), 6. Available here. This Journal Article is posted at Research Online. https://ro.ecu.edu.au/ecuworkspost2013/4990 Journal of Digital Forensics, Security and Law

Volume 12 | Number 4 Article 6

12-2017 Broadband Router Security: History, Challenges and Future Implications Patryk Szewczyk Edith Cowan University, Western Australia, [email protected]

Rose Macdonald [email protected]

Follow this and additional works at: https://commons.erau.edu/jdfsl Part of the Computer Law Commons, and the Information Security Commons

Recommended Citation Szewczyk, Patryk and Macdonald, Rose (2017) "Broadband Router Security: History, Challenges and Future Implications," Journal of Digital Forensics, Security and Law: Vol. 12 : No. 4 , Article 6. Available at: https://commons.erau.edu/jdfsl/vol12/iss4/6

This Article is brought to you for free and open access by the Journals at Scholarly Commons. It has been accepted for inclusion in Journal of Digital Forensics, Security and Law by an authorized administrator of Scholarly Commons. For more information, please contact [email protected]. (c)ADFSL Broadband Router Security: History, Challenges ... JDFSL V12N4

BROADBAND ROUTER SECURITY: HISTORY, CHALLENGES AND FUTURE IMPLICATIONS Patryk Szewczyk and Rose Macdonald Edith Cowan University, Western Australia

ABSTRACT Consumer grade broadband routers are integral to accessing the Internet and are primarily responsible for the reliable routing of data between networks. Despite the importance of broadband routers, security has never been at the forefront of their evolution. Consumers are often in possession of broadband routers that are rich in consumer-orientated features yet riddled with vulnerabilities that make the routers susceptible to exploitation. This amalgamation of theoretical research examines consumer grade broadband routers from the perspective of how they evolved, what makes them vulnerable, how they are targeted, and the challenges concerning the application of security. The research further explores the Australian roll out of a joint ISP; consumer extended public Wi-Fi network (Air), in which routers play crucial roles. The security of these networks is considered, and questions are explored, regarding consumer legal risks, particularly for consumers who opt-in to extend this service. This research paper concludes with recommendations for the development and introduction of Australian router security deployment standards.

l. INTRODUCTION

Australia is consistently identified as a major Rumours further indicate that known Internet user that will continue to be targeted vulnerabilities within ADSL routers may by cybercrime. Some protection is afforded by purposefully go unaddressed, allowing specific specialised security software for computers. organisations remote access to a target Asymmetric Digital Subscriber Line (ADSL) network ( Greenberg, 2017). The ongoing cyber­ routers can complement specialised security attacks demonstrate the need to protect an software in counteracting the severity of ADSL router correctly - using best practices cybercriminal activity. For the ADSL router to and standards. provide a layer of security, it requires adequate ADSL routers (also known as 'broadband and an appropriate selection of security routers,' but referred to hereafter as just mechanisms and controls. The ADSL router 'routers') are essential in providing reliable typically operates in a discreet, reliable manner network connectivity between computers, within Small office Home office (SoHo) printers, tablets, the Internet of Things (IoT), environments - typically forgotten once the and the Internet. The connections form initial configuration phase passes. However, networks, which may be small local networks, there is continual increase in research evidence or larger external networks linking thousands depicting cyber-attacks specifically targeting or of devices across vast areas. The required exploiting vulnerabilities within ADSL routers.

@ 2017 ADFSL Page 55 JDFSL V12N4 Broadband Router Security: History, Challenges ... network topology, scale, and purpose dictate during the initial configuration stage the type or category of router hardware chosen (Szewczyk, 2006). Inadequate security to establish the connections. While enterprise configuration may be attributed to end-users grade routers provide the highest levels of lacking accurate knowledge and an appropriate functionality at a premium price, the vast skillset to apply the ideal security settings. majority of small business and residential Despite end-users typically ridiculed for premises do not require the premium inadequately securing their routers, research functionality. The small business and has demonstrated that vendors are equally to residential market typically opt for SoHo blame with poor or inaccurate product routers, which provide consumers with the literature to support and guide end-users desired functionality and an intuitive through the configuration phase (Szewczyk, Graphical User Interface (GUI) to simplify the 2013). configuration process. 2. HISTORY AND Vendors continually incorporate advanced EVOLUTION OF features and technologies into routers making them increasingly attractive to consumers. NETWORK ROUTERS Common router features typically include a The foundations of network routing were four-port Ethernet switch, high-speed wireless developed in the late 1960s by a closed networking capabilities, network file sharing, academic group of researchers known as the printer servers, and scalability for integration Advanced Research Projects Agency (ARPA). with smart home technologies within a home The goal of the agency was to build a network network. These additional features whilst of four Interface Message Processors (IMPs) to attractive to consumers may also create a send data over phone lines. ARP A put out a range of supplementary vulnerabilities. The tender for the development, which was won by exploited vulnerabilities may have enabled a small company known as Bolt, Beranek and cyber criminals to access a private network in Newman (BBN) (Raytheon, 2011). In August an unauthorised manner. 1968, the BBN group used "an off-the-shelf Routers are the "work horses" of the SoHo Honeywell 516 to design the I/ O devices that Internet, controlling the flow of data between would need to be added to the basic model to private and public networks. Unfortunately, start writing the code that would reload there are ongoing security flaws embedded crashed IMPs, pull packets into the machine, within routers, which may expose users and figure out how to route them, and send them data to intrusions, through a range of attack on their way" (Raytheon, para.4, 2011). vectors. Cyber criminals who recognise the On October ist, 1969, the first set of opportunities and benefits in being able to characters were successfully transmitted over control or remotely access routers for personal the new network and the Advanced Research gain can exploit the security flaws within Projects Agency Network (ARPANET) was routers. For novice end-users, the router is founded. The IMP could support 50Kbps links often the only barrier segregating the user's between nodes (Duffy, 2009). The data from the Internet. Many router achievements of the group remained confined vulnerabilities stem from poor firmware to those at ARP A, BBN and a small group of development and a lack of ongoing researchers until 1972, when a project titled, maintenance (Hampton & Szewczyk, 2015). In "The Technology of Packet Switching" was contrast, users also poorly configure routers presented at the International Conference on

Page 56 @ 2017 ADFSL Broadband Router Security: History, Challenges ... JDFSL V12N4

Computer Communication in Washington router, called the Advanced Gateway Server (Raytheon, 2011). (AGS) into the communications market, which supported the Transmission Control Protocol In 1980, Stanford University was the (TCP), Internet Protocol (IP) TCP / IP (Duffy, recipient of several Alto workstations and 2009). Ethernet networking boards from the Xerox Palo Alto Research Centre. Collectively, IP router architecture has continued to Stanford University staff and graduate evolve m step with the complex and students used this technology to develop what sophisticated networks of the protocols they later became known as the 'Blue Box.' The support. Today, a SoHo router may "fully Blue Box functioned as a multiprocessor, utilize the capabilities of specialized hardware providing the capability for Stanford's schools and integrates an endless suite of and departments to communicate with each functionalities, ranging from raw packet other. William Yeager, a research engineer at forwarding through traffic shaping, packet Stanford's medical school, had just completed queuing, access control, Network Address writing a small routing program, which acted Translation (NAT) with connection tracking to connect computers in the medical all the way to distributed network protocols" department with those in the computer science (Csaszar, Enyedi, Ridell, Retvari, & Sjodin, department (Carey, 2001). Yeager's software 2012). There was one critical oversight made program was a "multiprotocol network that by engineers, developers and researchers who linked Alto workstation, mainframes, mini­ actualised the future of our communications. computers and printers" (Carey, 2001). Yeager The oversight was security, and through its went on to writing a more sophisticated absence, forged a mindset of functionality over program, which was able to route several secure communications that persists today. protocols including the relatively new Internet 3. ROUTERS AS AN Protocol (IP). Yeager's advanced software was designed for the twenty-four Stanford Blue ATTACK PLATFORM Boxes that could be seen around the campus The SoHo router is an ideal target for cyber during that time (Carey, 2001). criminals. Consumers obtain a router through In 1985, two Stanford staff members, Len their Internet Service Provider (ISP) or Bosack and Sandy Lerner, who had been purchased online or via a computer retail involved in the Blue Box project, allegedly outlet. In either instance, the router typically asked Yeager for his software code so they encompasses minimal or no security by default. could modify it to route only Internet The lack of security reduces the cumbersome Protocols. Controversially, in the previous task of progressing through the configuration year, Bosack and Lerner had founded a phase for the novice end-user. However, company called Cisco, and used Yeager's work minimal security on the router also simplifies to propel the development of Cisco products. the attack process for cyber criminals. A This became the subject of legal debate in successful attack on the router may reward the future years (Carey, 2001). Bosack and Lerner cyber criminal with direct access to the would later return the capacity for Yeager's router's operating system (firmware) , to the code to route protocols other than just IP, prized internal network consisting of all the enhancing the functionality of the products connected devices, and to the data stored and they developed. Through 1986, Cisco traversing the network. As the inclusion of IoT introduced its first commercial multiprotocol and smart devices continues to further increase

@ 2017 ADFSL Page 57 JDFSL V12N4 Broadband Router Security: History, Challenges ... in quantity within home environments, there sources. Shodan.io is proving to be a powerful are additional incentives for cyber criminals tool for identifying vulnerable clients, and to who exploit the router and network. From demonstrate its capacity a number of search such a privileged position, the intruder can queries targeting SoHo connections to control the network whilst accessing and micro httpd servers were conducted in this misusing the data stolen from it. The research. The results were troublesome with consequences for the victim may include loss of 615,000 SoHo routers identified with open personal information, financial data, account ports in response to one search query (port:80 passwords, and their identity. micro_ httpd). Similar searches were run on other popular servers such as Apache (port:80 Vulnerabilities associated with coding flaws Appache httpd) which returned more than in the firmware development stage is an 2,000 vulnerable router hits. Valuable ongoing issue. Yang (2016) highlighted this information is presented to the user in the issue in a DEFCON presentation in 2015. search results, including the business or Yang, (2016) discovered a number of zero day company name of the target, location, IP vulnerabilities in his work as a security address, name and model of the router, and researcher and ethical hacker on a range of the ports and services that are open. A SoHo centric routers. Vulnerabilities included convenient link is also provided directing the vendor backdoors, debug interfaces left active, user to the router's web interface page where concerns with the ease at which intruders default usernames and passwords can be could gain access to shells, arbitrary file reads, tested. If successful, the attacker may proceed stack overflows and unauthorised remote with a range of attacks as depicted in the access via services such as Universal Plug and following section, thus compromising multiple Play (UPnP) (Yang, 2016). Security researcher hosts. Pierre Kim publicly disclosed a large quantity of zero day vulnerabilities for D-Link routers in 4. ATTACKS ON SOHO 2017, following numerous failed communication ROUTERS attempt to inform D-Link of the security issues (Osborne, 2017; Kim, 2017). The reluctance by 4 .1 Cross-Site Request Forgery vendors to listen to security researchers and the community who discover vulnerabilities The aim of a Cross-Site Request Forgery further demonstrates the issues with ( CSRF) attack is to direct the user to a web progressively addressing known security page controlled by the attacker where vulnerabilities within routers. malicious code is embedded in web pages. The code acts to transfer sensitive data to the Irrespective of ethics, all system attacker without the knowledge of the end­ penetrations begin with reconnaissance, and user. Account details, passwords, financial search engines such as Shodan.io provide a information, and other sensitive information is perfect opportunity for attackers to identify stolen in this process. Routers are vulnerable vulnerable targets and gather intelligence. to CSRF attacks because they are usually Shodan.io purports to be the "world's first configured with through a web browser search engine for Internet connected devices," connected to an embedded web server within (Shodan.io, 2016) otherwise known as the the router. On successful completion of such an Internet of Things (IoT). Users can access all attack, the router's Domain Name System the features of the search engine, which can (DNS) entries may be altered or device pull information from thousands of different settings altered to make the targeted network

Page 58 @ 2017 ADFSL Broadband Router Security: History, Challenges ... JDFSL V12N4 additionally susceptible to attacks (Router attackers to access restricted directories, such Check, 2016). Land (2017) discovered that 54% as the router's configuration settings, of examined routers contained a CSRF specific administrator password hashes, ISP usernames vulnerability. Despite many routers and passwords, Wi-Fi passwords and client or encompassing a CSRF vulnerability server authentication credentials ( Armasu, (Rotenberg et al., 2017) , D-Link routers are at 2015). In 2015, one directory traversal the forefront of largest quantity of devices vulnerability appearing in the webproc. cgi encompassing the issue (CVE-2015-5999, 2015; component of the target router allowed an CVE-2017-5633, 2017; CVE-2017-6411, 2017; attacker to extract a config.xml file containing CVE-2017-7398, 2017) with exploits focusing authentication credentials. In this particular on altering the configuration, or diminishing case, more than 700,000 vulnerable routers the overall state of security. involving multiple vendors were identified. It was later discovered that each vendor had used 4. 2 InfoITI1ation Disclosure firmware developed by the same third-party Information Disclosure attacks are categorised company (Armasu, 2015). by attempts to acquire specific system 4 . 3 CrOE8 Site Scripting information through the CPE ( Customer Premises Equipment) WAN (Wide Area There are three main cross-site scripting Network) Management Protocol (CWMP). attacks, known as 'Document Object Model' Technical support personnel within ISP (DOM), 'Persistent,' and 'Non-persistent departments leverage CWMP to remotely attacks.' In each of the attacks, the intruder trouble shoot or administer changes to routers. injects malicious JavaScript or HTML code In 2015, several Netgear SoHo routers were into the web application of the router. This identified as having an information disclosure provides the attacker with elevated privileges issue that allowed attackers to access from which modifications to the firmware unauthorised information (Constantin, 2014). settings result in a network hijack. The The vulnerability exploited the Simple Object attacker needs to be authenticated by the Access Protocol (SOAP) by "sending HTTP router to carry out this attack (Independent requests with a blank form and a Security Evaluators & Holcomb, 2013). 'SOAP Action' header" ( Constantin, 2014). However, once authenticated targeted data Administrator information including the includes the username and password set up model, serial number, and firmware version of page of Network Attached Storage (NAS), the the router targeted which was available to device name of the USB advanced.htm or the intruders (Constantin, 2014). The CWMP network key to the wireless setup page (NIST, service facilitated a variant of the Mirai 2014). malware specifically exploiting SoHo routers 4.4 Authentication Bypass and modems (Antonakakis et al. , 2017). The extent of the damage caused by the Mirai SoHo routers require user authentication to malware targeting German focused routers access the router's web interface where a exceeded 900,000 (Kolias, Kambourakis, variety of configuration and function Stavrou & Voas, 2017). modifications occur. Any flaw m the authentication method that allows an intruder A directory traversal vulnerability leaves to gain unauthorised access is considered an users open to intruders attacking SoHo routers authentication attack. The most basic of these remotely. A flaw in the firmware allows attacks involves the use of default username

@ 2017 ADFSL Page 59 JDFSL V12N4 Broadband Router Security: History, Challenges ... and passwords, which are easily discoverable. forwarding functions without authentication A number of public websites provide lists of (Router, 2016). vendors' default username and password 4 . 5 Unencrypted Password details. If the owner or administrator of the targeted router has failed to change the default Storage authentication credentials, then access to the In 2013, research conducted by RAPID7 router's configuration pages is simplified. An identified forty to fifty million networked alternate and common authentication bypass enabled devices that were vulnerable to attack is through Structured Query Language exploits using the UPnP protocol. Nearly all (SQL) injection technique. An SQL injection the vulnerable devices identified were SoHo attack operates by running malicious or altered routers. Critically, "sixty percent of routers SQL queries against a database or web server. tested allowed users to login to their A successful SQL injection attack may result administrative console using passwords sent m unwanted information disclosure, wirelessly via HTTP - clear text broadcasts compromised data integrity, compromised data over the air: Only 40 percent of the routers availability and remote command execution tested provided HTTPS connections and only (CISCO, 2016). Cutlip (2012) examined the 20 percent used it by default" (Fogarty, 2014). Netgear WNDR3700 series broadband wireless This is an unacceptable risk. End-users are routers, documenting the presence of a exposed to Man in the Middle attacks (MITM) vulnerability within the miniDLNA server where network traffic is intercepted and making the router susceptible to SQL injection, directed to the attacker who is primed to yielding remote root-level access. Alternate capture these details and use them to further vendors are not immune to the vulnerability compromise systems. According to Fogarty, with D-Link encompassing numerous (2014) the danger is critical if unsecured Authentication Bypass issues through an SQL­ wireless services are used, such as those found Injection vulnerability as per CVE-2013-5945 in public places, small businesses and closely (CVE-2013-5945, 2013; EDB-ID: 30062, 2013). packed living environments (Fogarty, 2014). UPnP vulnerabilities (SSDP discovery and This is due to signal leak whereby the presence SOAP) to the Internet side of the device of wireless access signals are detectable beyond Universal Plug and Play (UPnP) is a protocol the boundaries of where it is required. standard that allows communications between 4 . 6 Unauthenticated Hardware computers and network-enabled devices. The Linking protocol is enabled by default on millions of systems, including routers where According to Holcomb (2013) , the Netgear authentication is rarely implemented. The WNDR7400 router was found to be vulnerable literature suggests this feature is one of the to an attack which is carried out by sending most exploitable services available to an HTTP requests to the router's web attacker. The issues stem from poor management application. The process causes development and implementation of the the routers internal and external storage to protocol, with much of the literature pointing link to an attacker controlled Ready Shared to a vast number of systemic security issues. Cloud Account, which facilitates access to files UPnP enabled routers allow devices and hosted by Ready Shared enabled routers. applications on the network supporting it to Ready Share Cloud is a feature provided by configure themselves and perform port Netgear that allows the consumer to access remotely a USB storage device that is

Page 60 @ 2017 ADFSL Broadband Router Security: History, Challenges ... JDFSL V12N4 connected to a USB port on the router Remote administration allows the user and (Netgear, 2011). A successful attack will anyone else with credentials to access the provide the intruder with access to all files administration page of the user's router over stored on the external storage of the SoHo the Internet from an external location. In order router (Independent Security Evaluators & to remotely access a router, the IP address, Holcomb, 2013). port number and administrative username and password is entered into a web interface. Users Remote attackers may modify firewall rules should disable this feature unless there is a or access private media files using Digital genuine need to access the router remotely. Living Network Alliance (DLNA) DLNA is an This is because enabling remote access is akin industry wide standard that allows data to be to running an open port, which is an attractive shared over a home network. It includes target to an attacker. organisations and vendors who comply with the standard to allow music, movies and other According to Constantin (2014), many data shared across televisions, smartphones, ISPs are deploying SoHo routers to their computers and other devices. Many routers are customers with remote access enabled, allowing able to link DLNA compliant products across the vendor to remotely manage and update home networks with the exception of Apple devices. CWMP is used to troubleshoot TV, which is currently not supported technical problems remotely ( Constantin, (Laughlin, n.d.). DLNA uses UPnP for media 2014). It is estimated that in 2011, 147 million management, discovery and device control devices had the CWMP protocol enabled, of which simplifies the set up and use of device which seventy percent were SoHo routers. The streaming across the home network ( Charan, remote management protocol typically operates 2012). The more devices connected to the on port 7547 and is the second most commonly network the greater the opportunities for encountered service port after port 80 attackers to target UPnP vulnerabilities. (Constantin, 2014). 4. 7 Buffer Overflows 5. CHALLENGES IN Buffer overflows are a critical security SECURING SOHO vulnerability that occurs because of ROUTERS programming errors affecting memory. These can occur in any operating system. The The myriad of vulnerabilities identified in the consequence of a buffer overflow is that preceding section provides insight into the attackers can inject malicious code into the challenges facing governments, cyber security buffer and if the code executes; the attacker professionals, vendors, businesses and can take control of the system. A recent buffer consumers in securing SoHo routers. Yang overflow vulnerability was identified in several (2016) suggests that the practice of D-Link router models, reported to the National customising open source software to suit a Institute of Standards and Technology (NIST) specific router m combination with on 25 August 2016. In this case a "stack-based programmers lacking sufficient knowledge of buffer overflow in dws/ api/ Login allowed programming languages is a significant issue in remote attackers to execute arbitrary code via developing reliable, bug-free code. Yang's view a long session cookie" (CVE-2016-5681, 2016). is supported through the reverse engineering of firmware, which demonstrated that some 4. 8 Rerr1.ote Adrriinistration routers were encompassing security Enabled vulnerabilities exceeding ten years in age

@ 2017 ADFSL Page 61 JDFSL V12N4 Broadband Router Security: History, Challenges ...

(Hampton & Szewczyk, 2015). Yang (2016) Poor firmware update processes are further describes the practice of poor firmware extenuated through vendors using 'features' as development as leading to the production of a a driver to promote firmware updates rather range of coding flaws, which are primed for than security issues being addresses. Unless an exploitation. Fogarty (2014) argues that end-user understands a benefit in an advanced wireless routers are riddled with security holes feature set, the likelihood of the update being stemming from design goals that focus applied is diminished. usability over security. Given that vendors are Programmers may create undocumented often praised with being first to the market backdoors during the firmware development with innovation, it is not surprising that phase, so they can interact with products security is an aspect that is typically during the development phase. The overlooked. programmer may wish to save data and test Routers purchased in-store typically have and/ or modify the program when things go security features disabled by default and wrong (Haag, Cummings, & Rea 2016). backdoors left open. Consumers purchasing Programmers may opt to close backdoors ADSL SoHo routers in-store cannot assume the before the device is released to the public but device was shipped with security pre­ may also forget to do so, or purposely leave configured. Furthermore, unlike a traditional one or two open, so they can access the operating system, the end-user is not prompted program post sale. This practice exposes all to update the device during the initial routers supporting the firmware to attack and configuration process. The literature highlights consequently all the clients associated with it a persistent mindset of functionality over (Haag et al. , 2016). security. According to Sericon Technology The United States Computer Emergency (2015), router software issues extend to Readiness Team (US-CERT), the Independent vendors, failing to fix problems when identified Security Evaluators (ISE), and several security coupled with users failing to upgrade firmware professionals all highlight concerns about ISPs even when a fix may have been made available deploying pre-configured routers. The for a considerable timeframe. The disconnect consensus appears to be that too often, routers between vendors and end-users creates a risk are deployed with limited security, and focused environment with routers consumers do not have the knowledge, interest, encompassing little security and well or willingness to dedicate the time required to documented vulnerabilities circulating in the alter pre-configured settings (US-CERT, 2011). 'hacking' community. Researchers in Spain (Folgado, Rodriguez, & According to Horowitz (2016), numerous Sanz de Castro, 2017) examined twenty-two issues exist when attempting to update router models of SoHo routers from different vendors, firmware. These include but not limited to: most of which were deployed by ISPs. The updates modifying router settings that the researchers found sixty flaws across the consumer is unaware of, complicated processes twenty-two models tested. This further with poor documentation, methods to update supports concerns that ISPs do not support firmware varying and too often requiring end-users in pursuing a cyber security manual effort, firmware update processes conscious mindset. 'bricking' or making the router non-functional, Vendors and ISPs provide limited and a lack of notification of the availability information to consumers to assist them in and importance of an update for consumers. securing SoHo routers. Szewczyk & Valli

Page 62 @ 2017 ADFSL Broadband Router Security: History, Challenges ... JDFSL V12N4

(2009) described the absence of consumer network sniffing, traffic rerouting, DNS support and poorly written documentation as a poisoning, denial-of-service attacks, or significant risk. They were particularly critical impersonating servers (Independent Security of the quality of vendors' user manuals, citing Evaluators, 2015). a lack of detail, inadequate instruction, the use continual use of unexplained jargon and a lack 6. ISP EJVlERGING of consistency in content as being major ROUTER barriers to consumers having neither the DEPLOYlVIENT confidence nor encouragement to implement adequate security. Szewczyk & Valli (2009) Throughout many countries around the world, conducted an examination of vendor ISPs have committed to creating large scale documentation over a four-year period and ISP influenced consumer provisioned public concluded not a single vendor manual could be Wi-Fi networks. Companies such as Fon in described as 'ideal' or adequately support a Europe, Comcast in America, and Telstra in novice end-user in applying ideal security Australia are examples of companies that have practices to their router. "Attempting to established this shift in our public network configure and secure an ADSL router is not environments. Each scheme works through the designed to be a trivial task for the average co-operation between the ISP and their end-user" (Szewczyk & Valli, 2009). This consumers. ISPs deploy routers to their statement raises the question about who consumers that are pre-configured to allow the should be responsible for provisioning adequate consumer to 'trade-off' a portion of their home security. End-users need protection, but also Internet bandwidth to make it publicly require the set-up of networks to be sufficiently available for others to use. simple to allow them to participate in and Essentially, the ISP provides the understand the set-up process. However, if a connection to the Internet and the consumer router is secured by default, and thus extends the ISP's network by turning their potentially cumbersome to implement in a SoHo network into a Wi-Fi hotspot. The home network - would this process potentially benefit to the participating consumer is that encourage end-users to purchase an alternate their 'trade-off' is effectively offset by their product with less security but improved ability to use 'hotspots' provided by other usability. consumers who have similarly opted into the According to Independent Security program. The commonality amongst users is Evaluators (ISE) , (2015) , SoHo routers are they share the same ISP provider and in continually vulnerable due to the manner in Australia, opt-in to the service (Telstra which they are deployed and used in locations Corporation Limited [AU], 2016). As part of such as; coffee shops, libraries, small businesses their launch, Telstra extended its Telstra Air and high density living communities where free service period to customers until 27 March signals can bleed through walls and someone 2017, and currently boasts 650 thousand could 'listen in'. The ISE report concluded that hotspots across Australia (Telstra Corporation compromised routers could be used to perform Limited [AU], 2016b). According to Kidman a man in the middle attack and thus enabling (2014), Telstra anticipates creating a more sophisticated attack to be performed on approximately 2 million hotspots nationwide. devices connected to the router. Specific Additional benefits for Telstra customers threats may include but are not limited to include free access to 19 million hotspots internationally, through Telstra's partnership

@ 2017 ADFSL Page 63 JDFSL V12N4 Broadband Router Security: History, Challenges ... with European Company, Fon (Telstra Telstra does state that ''your Wi-Fi name and Corporation Limited [AU], 2016b). password can be found on the fridge magnet you received with your gateway" (Telstra The routers deployed by Telstra for the Corporation Limited [AU], 2016b). This is an 'Air' network are named Telstra Gateway and obvious security concern and it is Gateway Max. Each device supports Hybrid recommended that ISPs avoid providing the Fibre Coaxial (HFC), ADSL, VDSL and NBN names and corresponding security keys of and cost $168.00 AUD for the 'Telstra customer networks on products that consumers Gateway' and $264.00 AUD for the 'Gateway are likely to keep within 'public' areas of their Max.' Consumers can purchase the Air homes. Fortunately, Telstra does provide compatible routers outright or pay through a information on how customers can change subscription agreement. Alternatively, these details and manage other ADSL settings consumers can purchase a day pass for through the management console. Telstra also occasional use. The service requires use of the appears committed to ensuring firmware Telstra Air application, which is compatible updates on all devices to remain current, with iOS and Android devices. The customer maintaining a policy of updating firmware must log in to the application using a automatically through their remote username and password, which ensures all data management system. The security trade-off of used is deducted from the guest user's private remote management is perhaps a considered broadband account. The application will search risk adopted by them and it is hoped that for and automatically connect the customer's mitigation strategies against remote mobile computing device to the nearest management attacks have been implemented. hotspot when detected, thereby providing customers with an extended public Wi-Fi Security and other advice is offered to service (Telstra Corporation Limited (AU) , Telstra customers through their crowd support 2016a) . and the knowledge base community services. Telstra (2016) is cautious enough to inform Technical security information about the customers to be careful with Telstra Air Telstra Air network and associated hardware is communications, advising communications presently scarce. The Air network does make between the Wireless Access Point (WAP) use of two SSIDs, one for the public network ( ADSL router) and device remains and one for the private network and can unencrypted and therefore the service is not operate on either the 2.4 GHz or 5 GHz recommended for sensitive communications frequencies. A scan of the local area during this such as banking. research identified two public prefixes, namely Fon Wi-Fi and Telstra-Air. Telstra allows "Most public Wi-Fi networks, including customers to change the network names, as Telstra Air, are unencrypted or open and long as the public side of the network potentially unsafe. When you're connecting to encompasses a prefix identifying it as an Air an open network, check for the padlock icon in service. the address bar of your device's web browser. This represents another layer of security. We Instructions on setting up the Telstra recommend not using Telstra Air, or any ADSL gateway is presented on the Telstra public Wi-Fi network, for things like Internet website step-by-step with graphical images to banking or sending and receiving sensitive assist customer comprehension. However, no materials. Information for families Public Wi­ information is provided with respect to the Fi, including Telstra Air, is available in many configuration of default security settings.

Page 64 @ 2017 ADFSL Broadband Router Security: History, Challenges ... JDFSL V12N4 places across Australia and is easy to access" effectively creating a vacuum from which all (Telstra Corporation Limited [AU], 2016.) sorts of sensitive data can be stolen. Consumer-oriented man-in-the-middle devices According to Kidman (2014), Telstra has such as "Wi-Fi Pineapples" are exemplars of always intended to deploy 'normal Wi-Fi' devices that could be used to impersonate and security on the public side of the network and intercept traffic within these networks ( Acuna if Telstra's partner Fon, can be used as a et al., 2017). template to explore security features of Telstra Air products, it may be inferred that the In considering these arguments, it is default encryption standard is Wi-Fi Protected proposed that opt-in services such as Telstra Access 2 (WPA2). Wired Equivalent Privacy Air, Fon, and Xfinity provide no greater levels (WEP), WP A and a no encryption option, of security to users of public Wi-Fi services often called 'open' are also supported. Fon when compared to traditional open Wi-Fi devices support three encryption protocols hotspots. Network traffic on 'Air' remains namely, Temporal Key Integrity Protocol unencrypted and no mitigation strategies are (TKIP), Advanced Encryption Standard proposed to protect users from accessing rogue (AES), and TKIP / AES (mixed mode) access points. For the provider of the extended (Gustafsson & Thor, 2007). Further research is service, little risk is apparent, as guest users sit required if default and optional setting on the outer side of a separate network and all configurations provided by Telstra are to be guest activity is logged and associated back to fully understood and in the best interest of the guest's private broadband account. For the consumers. consumer provider's private network, there appears to be no change to the vulnerability In America, Comcast provides the same or status beyond that which exists as a regular similar expanded Wi-Fi service through its end-user of Internet services. The private 'XFINITY' hotspot feature. Like Fon and network remains as secure as the configuration Telstra Air, Comcast describes their service to of their SoHo router is. consumers as an extended Wi-Fi network, "Your XFINITY Wireless Gateway broadcasts 7. CONSUJVIER LEGAL an additional "xfinitywifi" network signal for RISKS use with XFINITY WiFi. This creates an extension of the XFINITY WiFi network right The legal issues regarding the Internet and in your home that any XFINITY Internet Internet-related services are complex and the subscriber can use to sign in and connect. This following presentation of material is designed XFINITY WiFi service is completely separate to promote discussions about these issues. from your secure WiFi home network" Consumer liability hereafter is defined as the (Hoffman, 2014a). burden of responsibility imposed on an adult Proponents of this consumer extended Wi­ person to secure a Wi-Fi router owned or Fi network argue that consumers are provided operated by him or her. The test will be with greater safeguards when compared to whether a burden exists or may exist in open public Wi-Fi networks because users Australia in future years. Watkins (2013) must register and opt-in to use the service, argues that although criminal liability for the with all Internet activity linked to the guest's malicious actions of a third party accessing an private user account. Critics point to the ease unsecure wireless network remain largely in which false accounts or rogue hotspots can ambiguous, cases have emerged whereby be created, along with fake sign-in pages, unlikely individuals are being held accountable

@ 2017 ADFSL Page 65 JDFSL V12N4 Broadband Router Security: History, Challenges ... for the "negligent operation of a wireless copyright occurred through individuals network." The pre-eminent case regarding accessing a third-party Wi-Fi service. More consumer liability and the provision of public recently, and despite the German court ruling Wi-Fi networks took place in Germany in that passwords were required to secure private 2010. The case, 'Tobias Mc Fadden v Sony networks, the German Government has Music Entertainment Germany GmbH' (2010) proposed new legislation designed to reduce the has been well documented in several media burden of responsibility on business owners publications and law journals in Europe and and individuals providing public Wi-Fi elsewhere. The case centred on a small music networks. The proposed legislation is to reflect store business that provided free Wi-Fi access the German Government's position that to its customers, some of whom used the individuals and businesses are not liable for service to illegally download songs owned by illegal activity arising from Internet activity Sony Music Entertainment (Grieshaber, 2010). they provide, as long as the service is only 'Sony' sought to sue Tobias McFadden, the made available to users, "who have declared owner of the store, for indirectly breaching not to commit any rights violations in the copyright laws; by failing to prevent the use of context of the use" (Out-Law.com, 2016). The his public Wi-Fi service for illegal Australian Government may need begin downloading. The German court made three considering a similar approach in order to significant rulings in this case, protect Australian citizens who might be unknowingly but similarly exposed to litigation 1. "Internet users need to secure their by large corporations imposing their copyright private wireless connections by protections. It is unclear whether the absence password to prevent unauthorized of a requirement to secure Wi-Fi services is people from using their web access to sufficient to ward off these litigation attempts. illegally download data" (Grieshaber, 2010). Placing the onus of responsibility on 2. "Internet users can be fined up to euro consumers alone to adequately secure their 100 if a third party takes advantage of SoHo router is unreasonable, especially in the their unprotected WLAN connection to absence of adequate instruction, adequate set­ illegally download music or other files , up and configuration documentation, or any the Karlsruhe-based court said in its legal requirement for developers, vendors or verdict" (Grieshaber, 2010). ISPs to meet minimal security standards. If a 3. The court did not find the provider of minimum standard of security is the desired the service, Tobias McFadden liable for outcome, then the onus of responsibility should the criminal conduct, namely the be on developers, vendors, and ISP providers downloading of songs (Grieshaber, who possess both the technical knowledge and 2010). expertise to deploy devices that could comply with set minimum-security standards. In In Australia at present, individuals and support of this assertion, a recent settlement businesses are not required by law to secure between ASUSTeK (ASUS) and the U.S. SoHo routers, whether for private or extended Federal Trade Commission (FTC) is reviewed. for public use, and therefore are not currently legally liable for activity conducted by a third On 23 February 2016, the U.S. Federal party using it. However, to date, Australia has Trade Commission (FTC) entered into a not been challenged in the same way as seen in settlement with ASUSTeK (ASUS) after it was the 'McFadden,' 'Sony' case, where breaches of alleged that ASUS had failed to use

Page 66 @ 2017 ADFSL Broadband Router Security: History, Challenges ... JDFSL V12N4

'reasonable security' to protect consumers' • SoHo routers not to be deployed or sold personal information that was exposed in a with default administrative usernames security breach in February 2014. A total of and passwords. This could theoretically 12,900 consumers' storage devices containing minimise the exploitation of devices, personal data were exposed in the breach which are accessed using simplistic ( Charfoos, Feld, & Kadish, 2016). ASUS had brute-force approaches encompassing previously claimed that their routers "protect common usernames and passwords. consumers from any unauthorized access, • Removing weak or obsolete Wi-Fi hacking, and virus attacks" and "protect [the] security protocols that are known to be local network against attacks from hackers" easily exploitable and incorporating (Charfoos et al. , 2016). Upon review, the WPA2/ AES security protocols as routers were shown to have several standard. vulnerabilities in the firmware due to design • SoHo routers to be deployed or sold flaws and were inadequately secured. with remote administration disabled or Allegations that ASUS had also failed to notify if enabled, clearly documented that it is customers about how to mitigate the risks once enabled (i.e. informing the end-user), identified also formed part of the original specifying why it is enabled, the complaint (Charfoos et al. , 2016). The terms of benefits and risks towards the consumer the settlement are comprehensive, with the of it being enabled and how it can be main outcomes including a requirement for disabled. ASUS to introduce a comprehensive security • Improved methods for providing and plan to ensure routers produced by them applying firmware updates, and "protects the privacy, security, confidentiality, consistent standards for vulnerability and integrity of information transmitted disclosures and notifications to be through the routers" (Charfoos et al., 2016). In developed. addition, ASUS will be subjected to audits for • Minimum standards for content in user the next 20 years (Charfoos et al., 2016). manuals to be established. The 8.FUTURE standard should clearly document what information must be included in the RECOJVIJVIENDATIO NS user manual, and standardised Several recommendations are made m terminology that is easily understood accordance with the outcomes of this research. by the end-user agreed upon by ISPs A discussion is encouraged between policy and vendors. makers, ISPs, and vendors about the • A significant increase in consumer introduction of legislation that places a burden education and training programs of responsibility on vendors, developers and regarding SoHo router security, risks ISP providers to meet minimum-security and mitigation strategies, and cyber standards when selling or deploying SoHo security in general. routers in Australia. It is suggested that at a SoHo router security is influenced through minimum standard should include: both technological and human factor • Security to be at the forefront of all challenges. For a lengthy period, end-users firmware development, with increased have had the opportunity to control and testing and transparency of all influence the state of security implemented and firmware placed into the public domain. used on routers. However, preceding research

@ 2017 ADFSL Page 67 JDFSL V12N4 Broadband Router Security: History, Challenges ... suggests that end-users do not always apply collecting information about what consumers optimum security practices on their router. do, where they go and why they do it, even Furthermore, vendors do not necessarily more of our lives will be exposed. ISPs are deploy updates or address security expanding the geography of our connections. vulnerabilities within a timely manner. Consumers are opting into ISP provisioned Subsequently, the aforementioned services that engulf them in a web of public recommendations enable routers to make use of hotspots they help to create. In Australia, baseline security standards thus minimising there is currently minimal publicly accessible common and simple threats from targeting information on the security features enabled routers, for instance bandwidth theft resulting upon deployment of ADSL routers used by from open or WEP based wireless networks. consumers to contribute to this expanded Wi­ End-users can be continually encouraged and Fi service. On the surface, it appears there are influenced to make security conscious decision, advantages for the consumer knowing that all but history has demonstrated that convenience guest connections are logged against the will always be at the forefront of how guests' private account; however, no consumers utilise technology. Convenience, information or discussion is available that coupled with end-users lacking an either describes or discusses mitigation understanding, will persistently result in non­ strategies to offset the risk of users joining ideal practices being employed on routers. By rogue hotspots. creating a secure standardised baseline, end­ To mitigate the ongoing and prevalent users are not given the opportunity to diminish issues identified m this paper, both the state of security and thus forced to technological and human factors must be conform to a minimal level of implemented altered to accommodate the novice end-users - security. who make up a significant proportion of end­ 9. CONCLUSION users in Australia. From a technological perspective, security must be enforced, rather It is evident that SoHo routers were not than be optional. Router vendors are at the designed by vendors with security at the fundamental level to support good security forefront of their development. In contrast practices. For instance, the option for an end­ routers have undergone a rapid expansion of user to utilise the default authentication add on features, with usability and credentials, during the initial configuration functionality prioritised over security. The process of the device, should not be restricted. consequences of this approach are easily The selection of adequate passwords should be recognised with numerous vulnerabilities enforced and enhanced through password embedded in the firmware exposing hundreds meters to demonstrate visually the soundness of thousands, if not millions of consumers of a password by today's standards. around the world to attacks on a continual basis. Search engines such as Shodan.io have Consumers must begin to understand the capitalised on publicly exposed weaknesses of risks involved in online environments and take IoT devices. Strategic searches are easily used a legitimate interest in their security. While it to obtain detailed information about devices, is unreasonable to transfer any technical which may serve in assisting attackers to burden for securing devices, which are identify and select vulnerable targets. As large inherently insecure onto consumers, they must corporations move even further into creating recognise the burden of risk they carry. worlds conditioned by our online behaviours, Consumers and policy makers must demand

Page 68 @ 2017 ADFSL Broadband Router Security: History, Challenges ... JDFSL V12N4 responsible action; they must insist that security is at the forefront of all firmware development. Governments and policy makers must begin to enforce minimum-security standards. These should outline the minimum­ security features that are to be enabled on upon the deployment of all ADSL SoHo routers to the general population. Unfortunately, too many consumers are at risk because the window to their networks ( and their lives) is wide open, and sadly, many consumers are misinformed with how easily accessible they truly are.

@ 2017 ADFSL Page 69 JDFSL V12N4 Broadband Router Security: History, Challenges ...

REFERENCES Acuna, V., Kumbhar, A., Vattapparamban, E., CISCO. (2016, February 15). Understanding Rajabli, F., Guvenc, I. (2017). Localization SQL Injection. Retrieved 9 October 2016, of WiFi Devices Using Probe Requests from Captured at Unmanned Aerial Vehicles. http://www.cisco.com/ c / en/ us/ about/ secu Paper presented at the 2017 IEEE Wireless rity-center / sql-injection.html Communications and Networking Constantin, L. (2014). Many home routers Conference (WCNC), San Francisco, CA, supplied by ISPs can be compromised en USA masse, researchers say. Retrieved 23 Antonakakis, M., April, T., Bailey, M., October 2016, from Bursztein, E. , Cochran, J., Durumeric, Z. , . http://www.pcworld.idg.com.au/ article/ 55 . . Sullivan, N. ( 2017). Understanding the 2058 / many_ home_ routers_ supplied_ by_ i Mirai Botnet. Paper presented at the 26th sps _can_ compromised en masse researc USENIX Security Symposium, Vancouver, hers_say/ BC, Canada. Csaszar, A., Enyedi, G., Ridell, M., Retvari, Armasu, L. (2015, March 20). 'Directory G. , & Sjodin, P. (2012).

Traversal' Flaw Exposes Over 700,000 evolution --of router - architectures --and i Routers to Remote Hacking. Retrieved 9 p_networks.pdf. Retrieved 11 August 2016, October 2016, from from http://www. tomshardware. com/ news/ direc https://www.ericsson.com/ res/ thecompany tory- traversal-flaw-router­ / docs/ journal_ conference _papers/ packet_ hacking,28795 .html technologies/ evolution_ of_ router_ architec tures and ip networks.pdf Carey, P. (2001, January 12). A start-up's true tale (12/ 01 / 2001). Retrieved 8 October Cutlip, Z. (2012). SQL Injection to MIPS 2016, from Overflows. Retrieved from http:/ / pdplO.nocrew.org/ docs/ cisco.html https://media.blackhat.com/ bh-us- 12/ Briefings/ Cutlip/ BH_ US_ 12 _Cutlip_ Charan, S. (2012, November 7). HACK SQL_Exploitation_ WP.pdf TRACK: DLNA (DIGITAL LIVING NETWORK ALLIANCE): Retrieved from CVE-2013-5945. (2013). CVE-2013-5945 http:/ / hacktrack- Retrieved from http://cve.mitre.org/ cgi­ 2012. blogspot.com.au/ 2012/ 11 / dlna-digital­ bin/ cvename. cgi ?name= CVE-2013-5945 living-network-alliance.html CVE-2015-5999. (2015). CVE-2015-5999 Charfoos, D. G. P.-A. D., Feld, J. S., & Retrieved from http://cve.mitre.org/ cgi­ Kadish, J. K. (2016, March). ASUS bin/ cvename.cgi?name= CVE-2015-5999 Settlement: FTC Continues to Focus on CVE-2016-5681. (2016). CVE-2016-5681 Privacy and Data Security Enforcement I Retrieved from https: / / cve.mitre.org/ cgi­ Lexology. Retrieved 16 October 2016, from bin/ cvename.cgi?name=CVE-2016-5681 http:/ / www.lexology.com/ library / detail.as px?g=882dd152-54e2-4bd3-9c83- CVE-2017-5633. (2017). CVE-2017-5633 lf042aa60005 Retrieved from http://cve.mitre.org/ cgi­ bin/ cvename.cgi?name=CVE-2017-5633

Page 70 @ 2017 ADFSL Broadband Router Security: History, Challenges ... JDFSL V12N4

CVE-2017-6411. (2017). CVE-2017-6411 Gustafsson, J., & Thor, D. (2007). Security Retrieved from http://cve.mitre.org/ cgi­ Risk Evaluation of the FON Network. bin/ cvename.cgi?name=CVE-2017-6411 IEEE, Sweden. Retrieved from http:/ / ieeexplore.ieee.org/ xpls/ abs_ all.jsp? CVE-2017-7398. (2017). CVE-2017-7398 arnumber= 4389894 Retrieved from http://cve.mitre.org/ cgi­ bin/ cvename.cgi?name=CVE-2017-7398 Haag, S., Cummings, M., & Rea, Jn, A. (2016). Backdoors. Retrieved 15 October Duffy, J. (2009, February 9). Evolution of the 2016, from router. Retrieved 11 August 2016, from http:/ / highered.mheducation.com/ sites/ 00 http://www.networkworld.com/ article/ 287 72834110/ student_ view0/ chapter13/ backd 0329 / Ian-wan/ evolution-of-the-router.html oars.html EDB-ID: 30062. (2013). D-Link DSR Router Hampton, N. , & Szewczyk, P. (2015). A survey Series - Remote Command Execution. and method for analysing SoHo router Retrieved from https:/ / www.exploit­ firmware currency. Paper presented at the db.com/ exploits/ 30062/ 13Th Australian Information Security and Fogarty, K. (2014, February 18). Home Management Conference, Edith Cowan Routers Pose Biggest Consumer University, Western Australia Cyberthreat. Retrieved 1 October 2016 ' Hoffman, C. (2014a, March 17). Your Home from Router May Also Be a Public Hotspot - http:/ / insights.dice.com/ 2014/ 02 / 18/ home Don't Panic! Retrieved 23 August 2016, -routers-pose-biggest- consumer­ from cyberthreat / http://www.howtogeek.com/ 184727 / your­ Folgado Rueda, A. , Rodriguez Garcia, J. A., & home-router-may- also-be-a-public-hotspot­ Sanz de Castro, I. (2017). Revisiting dont-panic/ SOHO Router Attacks. Magdeburger Hoffman, C. (2014b, April 21). Should You Journal zur Sicherheitsforschung, 14, 797- Buy a Router If Your ISP Gives You a 814. Retrieved August 10, 2017, from Combined Router / Modem? Retrieved 23 http:/ / www.sicherheitsforschung­ August 2016, from magdeburg.de/ uploads/ journal/ MJS 054 Rueda_SOHORouter.pdf - - http://www.howtogeek.com/ 187439/ should - you-buy-a-router-if-your-isp-gives-you-a­ Greenberg, A. (2017). Wikileaks Reveals How com bined-routermodem / the CIA Could Hack Your Router. Horowitz, M. (2016, December 4). Firmware Retrieved June 15, 2017, from Updates - Router Security. Retrieved 15 https:/ / www.wired.com/ story / wikileaks­ October 2016, from cia-router-hack http://routersecurity.org/ firmware.updates Grieshaber, K. (2010, May 12). German court .php orders wireless passwords for all. Retrieved Independent Security Evaluators. (2015, April 22 August 2016, from 22). So Ho_ techreport. pdf. Retrieved 12 http://www.nbcnews.com/ id/ 37107291/ ns/ August 2016, from technology_ and_ science- https:/ / securityevaluators.com/ knowledge/ security / t / german-court-orders-wireless­ case_ studies/ routers/ SoHo _ techreport. pdf passwords-all/

@ 2017 ADFSL Page 71 JDFSL V12N4 Broadband Router Security: History, Challenges ...

Independent Security Evaluators, & Holcomb, DDP-516. Retrieved 26 October 2016, from J. (2013). Vulnerability_ Catalog.pdf. http://www.old- Retrieved 2 October 2016, from computers.com/ museum/ computer .asp? c=5 https:/ / securityevaluators.com/ knowledge/ 51&st= l case_ studies/ routers/ Vulnerability_ Catalo Out-Law.com. (2016, December 5). New law in g.pdf Germany will further reduce liability of Kidman, A. (2014, May 20). Telstra's New Wi­ Wi-Fi providers for copyright infringement Fi Network: Everything You Need To by users. Retrieved 16 October 2016, from Know. Retrieved 23 August 2016, from http://www.out- http:/ / www.lifehacker.com.au/ 2014/ 05/ tels law.com/ en/ articles/ 2016 / may / new-law-in­ tras-new-wi-fi­ network-everything-you- germany-will-further-reduce- liability-of-wi­ need-to-know / fi- providers-for-copyright-infringement-by­ users / Kim, P. (2017). Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol. Osborne, C. (2017). Researcher discloses 10 D­ Retrieved from Link zero-day router flaws. Retrieved from https:/ / pierrekim.github.io/ blog/ 2017-09- http://www.zdnet.com/ article/ 10-d-link­ 08-dlink-8501-mydlink-cloud-0days- zero-day-router-flaws-exposed/ vulnerabilities.html Raytheon. (2011, November 2). The Laughlin, A. (n.d.). What is DLNA? - Which? ARPANET. Retrieved 8 October 2016, Retrieved 2 October 2016, from from http:/ / www.which.co.uk/ reviews/ television http://www.raytheon.com/ rtnwcm/ groups s/ article/ what-is-dlna / gallery/ documents/ digitalasset/ rtn _ 22461 4.pdf Land, J. (2017). Systematic Vulnerabilities in Customer-Premises Equipment (CPE) Rotenberg, N., Shulman, H., Waidner, M., Routers. Retrieved from Zeltser, B. (2017). Authentication-Bypass https://resources.sei.cmu.edu/ asset_files/ S Vulnerabilities in SOHO Routers. Paper pecialReport / 201 7 _ 003_001 _ 502618. pdf presented at ACM SIGCOMM 2017. UCLA Meyer & Renee Luskin Conference Netgear. (2011). Center, LA ReadySHARE _Cloud_ Flyer_ 12JULY2011 .pdf. Retrieved 23 October 2016, from Router. (2016, August 23). UPnP. Retrieved https://www.netgear.com/ assets/ landing/ r from ______http://www.routercheck.com/upnp_ - 2/ eadyshare/ ReadySHARE _Cloud_ Flyer_ 1 Router Check. (2016, August 23). CSRF. 2JULY2011. pdf Retrieved from NIST. (2014). CVE-2013-3069 : Multiple cross­ http://www.routercheck.com/csrf/ site scripting (XSS) vulnerabilities in Sericon Technology. (2015, August 25). NETGEAR WNDR4700 with firmware The_ Real_ State_ of_ WiFi _Security_ in_ 1.0.0.34 allow remote authenticate. the_ Connected Home. pdf. Retrieved 1 Retrieved 23 October 2016, from October 2016, from http://www.cvedetails.com/ cve/ CVE-2013- http://www.routercheck.com/ WhitePapers 3069/ / The_ Real_ State_ of_ WiFi _Security_ in Old-Computers.com. (n.d). OLD- the Connected Home. pdf COMPUTERS.COM Museum - Honeywell

Page 72 @ 2017 ADFSL Broadband Router Security: History, Challenges ... JDFSL V12N4

Shodan.io. (2016). Shodan. Retrieved 8 Watkins, C. G. (2013). Wireless Liability: October 2016, from Liability Concerns for Operators of https://www.shodan.io/ Unsecured Wireless Networks. Rutgers Law Review, Forthcoming, 2013. Szewczyk, P. (2006). Individuals' Perceptions of Wireless Security in the Home Yang, L. (2016, April 15). [DS15] Advanced Environment. Paper presented at the 4th SoHo Router Exploitation - Lyon Yang. Australian Information Security Retrieved 24 September 2016, from Management Conference, Edith Cowan https: / / www.youtube.com/ watch?v = vhR9 University, Perth, Western Australia gcTtx0g Szewczyk, P. (2013). Usability and Security Support Offered Through ADSL Router

User Manuals. Paper presented at the 11th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia Szewczyk, P., & Valli, C. (2009). Insecurity by Obscurity: A Review of SoHo Router Literature from a Network Security Perspective. The Journal of Digital Forensics, Security and Law: JDFSL, 4(3), 5. Telstra Corporation Limited (AU). ( n.d.). Telstra Air - How it works - Telstra Wifi Network. Retrieved 23 August 2016, from https://www.telstra.com.au/ broadband/ tel stra-air / how-it- works Telstra Corporation Limited (AU). (2016a). Telstra - Wi-Fi Gateways & Extenders - Connected Home. Retrieved 15 October 2016, from https://www.telstra.com.au/ connectedhom e / enhancements/ getwifi Telstra Corporation Limited (AU). (2016b). Telstra Wifi Hotspot Network - Telstra Air. Retrieved 15 October 2016, from https://www.telstra.com.au/ latest- offers / telstra-air-free-wifi-offer US-CERT. (2011). HomeRouterSecurity2011.pdf. Retrieved 21 August 2016, from https://www.us­ cert.gov/ sites/ default / files / publications/ Ho meRouterSecurity201 l. pdf

@ 2017 ADFSL Page 73 JDFSL V12N4 Broadband Router Security: History, Challenges ...

Page 74 @ 2017 ADFSL