Guarding Against the Rise in Router and VoIP Attacks

After a recent high-profile media story highlighted how poor router security led to a police raid of the home of an innocent family, we take a look at how Wi-Fi piggybacking attacks against home and domestic targets, and VoIP hacking of businesses worldwide are growing threats.

What Happened?

It has been reported that in January this year during the lockdown, the family home of a couple and their two young children was unexpectedly raided by police. The shocked and frightened family could only look on as their desktop computer, three laptops, and current and old mobile phones retrieved from drawers around the house were taken away by officers. The family found themselves with just a landline for communications, and under suspicion for a crime which, as it later transpired, they did not commit, and knew nothing about.

Work Laptop

To make matters worse, the father of the family was forced to tell his boss that the police required the decryption key to unlock his work laptop, thereby making him fear for his job.

Wi-Fi Accessed Due To Poor Router Security

When the devices, which the family were told had been taken for ‘evidence’, were finally returned two months later, it became clear that a mistake had been made because the family’s Wi-Fi connection had been used without their knowledge, and by an unknown party to upload illegal images to a chat site. 

The evidence given to the police by the National Crime Agency which led to the raid, had suggested that the illegal uploading had come from the family’s IP address. In reality, the family had simply fallen victim to criminals piggybacking their insecure wireless connection. The weakness that had allowed the attack is believed to have been a weak/poor default password on their old router.

Router Danger

A recent Which? investigation looked at the security aspects of 13 models of commonly used old routers from companies such as Virgin, Sky, TalkTalk, EE, and Vodafone. It was discovered that 6 million users may have router models that have not been updated since 2018 at the latest, with some not being updated since as far back as 2016! The investigation discovered issues with more than half of all routers (of those surveyed). This suggests that as many as 7.5 million users could have routers with security risks.

The main vulnerabilities threatening the security of business and home-user routers, which are often the same thing now with remote working, include weak default passwords that can be easily guessed by hackers, meaning that the router could be accessed remotely, from anywhere in the world. Local network vulnerabilities can also allow a cybercriminal to take control of a user’s device, see what a person is browsing, or even direct a user to malicious websites. A lack of recent updates to the Firmware of a router could also negatively affect a device’s performance, thereby affecting productivity, and leaving outstanding security issues.

VoIP Systems Hacks on the Increase

Recent ‘Check Point’ research has also shown that there has been a big rise in cyber-fraud operations targeting VoIP phone systems worldwide. For example, a Gaza-based hacking group was found to be responsible for targeting servers used by more than 1,200 organisations based across over 60 countries, with half of those targets being in the UK! What’s more, hackers worldwide are creating their own social media groups to share tips and know-how relating to VoIP phone system hacking and to organise and coordinate future attacks.

What To Do

Businesses can guard against router security threats by taking measures such as changing usernames and password(s), ensuring that the router’s firmware is up to date, changing the network name/SSID, stopping the Wi-Fi network name/SSID from being broadcast, enabling the router’s firewall, or simply upgrading to a new, more secure router. 

To guard against the threat of VoIP phone system hacks, businesses need to make sure that their security patch installation management systems and procedures are up to date, call billings are regularly analysed, there is a clear and robust password policy in place, and an intrusion prevention system is implemented.

For further advice and information about how to keep your household and your business safe and secure, contact your local MSP, Paradise Computing, on 01604 655900 or send us a message using our online contact form.

Gearing up for Greatness: Team Paradise Prepare for the Ultra Challenge

10 May 2024

Our Ultra Challenge team are preparing for the adventure of a lifetime. Next weekend, they take on a non-stop 100km/24-hour hike to raise funds for the NSPCC. Find out how the team are preparing for this ultimate test of physical and mental endurance and how you can support them.

Meet the Team: Gareth Whyley

26 April 2024

Let's meet Paradise Computing's Project Manager, Gareth Whyley. Gareth has a background in IT consultancy and is a specialist in compliance and project management. He is passionate about helping our clients achieve their goals.

Meet the Team: Rachmann Joubert

12 April 2024

Today, we’re shining the spotlight on Rachmann Joubert, a Sage Support Specialist who has brought his wealth of software development experience to the role to help build solutions for our clients.