Cleaning up infected systems

Attacks targeting routers and smart home technology

Routers are increasingly at risk of attack. As the main control centre for most home networks, routers serve as the internet access point for all other IP-enabled devices in the home network. This makes routers an attractive target for cyber criminals. This was demonstrated by an attack that took place in November 2016: a worldwide cyber attack targeted routers, aiming to infect them with malware and add them to a global botnet.

The attack vector was a widespread configuration protocol that enables users to easily set up a router from the local network. For some router models from certain manufacturers, however, the implementation of this protocol contains a security-relevant vulnerability: the router configuration could be changed remotely via the Internet. This took place over an open port typically used in other contexts for automatic firmware updates and for remote access points in the context of support from Internet providers.

As digitalisation progresses, the 'Internet of Things' is moving into your house, so to speak. Our household devices are becoming ever more closely connected, which in turn is driving the creation of a stream of new applications designed to make our lives more convenient. But in the face of these developments, we should not be making purchase decisions based solely on cost and convenience.

With all smart home purchases, we must also carefully consider the aspect of security. A malware infection in our smart home technology could have serious consequences: for example, criminals might be able to remotely attack the access system for your front door or garage in preparation for a break-in. Or they might infect the webcams in a home in order to spy on its inhabitants and observe their behaviour.

PCs, laptops and similar technology

E-mails infected with malware pose a risk of infection. One trick that attackers frequently use is to send out fake reminders or invoices with infected Office files attached to them. If you click on this attachment and perform an action such as activating macros, you are at risk of your system becoming infected. This is why the BSI strongly advises you not to open attachments in e-mails from senders with whom you are unfamiliar. You should also be careful when opening e-mails from senders that seem familiar. In reality, sender addresses are easy to camouflage, meaning an e-mail with a fraudulent sender may include an attachment containing malware.

However, this does not mean that e-mails without attachments are all safe! In particular, e-mails may contain a link in the text to a specially prepared website. It is increasingly the case that malware spam e-mails arrive without an attachment. Instead, they ask you to click a link in the text, purporting to link you to an invoice, for example. In these cases, too, always think carefully before you click. These 'invoices' typically force you to download an '.exe' or Office file.

The danger here is that even reputable websites can be infiltrated with malicious code, e.g. in the form of manipulated advertising banners. As drive-by infections exploit security vulnerabilities on your own PC, the BSI recommends that you install security updates for your operating system and other software as soon as possible after release as an additional preventive measure.

Cyber criminals also continue to distribute malware via external storage media. For example, be careful with any USB sticks that you are given for free. You cannot tell from the outside whether or not a free gift contains malware. The same applies, for example, to driver software on USB sticks from manufacturers: the system used to create the driver sticks may already have been infected with the malware. Conversely, a 'healthy' USB stick can become infected when it is carelessly inserted into a system that may be infected with malware, for example at a copy shop.

Smartphones, tablets and similar devices

One of the main routes of infection for Android smartphones and tablets is the installation of a manipulated app by the user themselves. During installation, users often grant wide-ranging access rights to the app, without considering the consequences. A malicious app can then access all those resources: your contacts, text messages, e-mails, camera, microphone or location data. For this reason, the BSI recommends that you only install apps from controlled sources such as the Google Play Store or the Amazon Appstore on Android devices.

The apps listed in these stores are generally checked for malware before release. From time to time, manipulated apps do make their way into official stores, but apps obtained from unofficial third-party sources are not subject to any security checks at all. Users should also think carefully before granting access rights to an app during installation. In each case, consider whether the app actually requires access to the resource in question to function in the way you intend to use it.

In addition to infected apps, malware can also exploit vulnerabilities in mobile operating systems or their components, such as web browsers, to make its way onto smartphones and tablets. Once initial infection has taken place, many pieces of malware for PCs and laptops download further malicious code from the internet and covertly install it on the mobile device. You can prevent this from happening by installing all software updates as soon as they are available to eliminate known vulnerabilities. You can also configure your device settings to automatically install updates.

Careless connections between mobile devices and a potentially infected computer or USB also bring with them the threat of infection. For example, mobile devices may be connected when charging the battery or transferring photos or music data. Once the access has been approved on the smartphone or tablet, the malware on the compromised computer can infect the mobile device just as if it were an external hard drive.