Does your business connect to the world with a DrayTek router? If so, it's time to get it checked sooner rather than later to find out if it's one of 24 router models with serious vulnerabilities in them.
Security vendor Forescout has discovered 14 vulnerabilities in DrayTek routers, the most serious of which rates as 10 out of 10 - that is, it doesn't get worse than that.
As the name implies, a router passes traffic between your local area network and the Internet, to put it in simple terms. Routers sit in an exposed position, and have to be safe from attackers who often use automated mass scans to discover vulnerable devices to compromise.
There are plenty of DrayTeks in our part of the world: Forescout found 5132 vulnerable devices in New Zealand alone.
Australia has over 31,000 and most of them are used by businesses. Around the world, over 700,000 DrayTek routers are connected to the Internet; it's a very popular brand.
Of course, the issue has been given a catchy security vendor name: Dray:Break.
If an attacker finds a vulnerable DrayTek box, what can they do?
Routers are essentially computers that specialise in data traffic transmission and have special features for that task. They occupy very privileged positions on the network, so if attackers can take them over, they've struck gold.
Forescout described scenarios like running persistent (so it survives a router restart) code that intercepts and analyses network traffic, stealing information, moving laterally into other devices, running botnets, taking part in traffic flooding denial of service attacks and more.
In other words, your router could become enrolled in criminal digital infrastructure and act like a command and control node. This is not what you want to happen.
The issue here is one we've covered before, namely that these sorts of devices just sit there for long periods of time, with nobody paying attention to them. In lots of cases, they just keep humming away, long after they reach end-of-life and are no longer officially supported with security patches.
With computers and smartphones, you normally get alerts, reminders and nags to upgrade the software in them. Routers generally don't get that care, unless someone's aware of the dangers and is diligent enough to do something about it.
Like updating them. DrayTek has released patches for the firmware (this is code that's stored in non-volatile memory). If you or your organisation has a DrayTek sitting somewhere on the network, now's a good time to get it patched.
Forescout also recommends that users disable remote access to the DrayTek routers if it's not needed. That's sensible, because why leave a potential way in open if you don't need to? Putting in Access Control Lists (ACLs) that limit which network address ranges can access the routers, and adding two-factor authentication, are also good measures, along with network segmentation.
Ask your nearest friendly - and qualified - information security company to help out if necessary.