This year when you go away for the summer holidays, will you have secured everything at home while gone?

House locked up properly, mail redirection, have the letterbox emptied, neighbours checking in every now and then and maybe remote cameras, movement sensing lights and alarms installed.

How about your broadband router though?

The device that connects your household to the internet just sits there, pushing packets back and forth, forgotten as long as it works.


Anything connected to the internet nowadays is guaranteed to be subject to a barrage of attacks and broadband routers have become prime targets.

Routers are computers, optimised for networking duties. That means they need to be kept up to date with security patches, just like your smartphones, tablets, laptops and desktops, and sometimes replaced if they have hardware bugs.

Unfortunately, routers often run old and vulnerable code and there are lots of them around, adding to the value for hackers looking for massive "bot herds" of compromised devices to abuse.

It's easy and fast to undetectably scan networks connected to the internet to find vulnerable devices — because few retail routers have any kind of intrusion detection systems.

Once found, it's equally easy to deploy take-over attacks, as was shown with the Mirai internet malware infections and, more recently, a related nasty called Satori that's spread rapidly to some 300,000 routers already.

Satori looks for a specific Huawei router model that's vulnerable, the HG 532, which it can commandeer remotely to run any commands it likes on the device.

That could be installing malware, running spambots, illegal file sharing, running massive denial of service attacks, and more.

Most of the time customers wouldn't even notice what was going on, unless their data caps were depleted unusually fast, or their connections started to perform badly for no good reason.


Luckily, Satori doesn't seem to have targets in New Zealand. A quick check-in with Vodafone and Spark told me that while both run Huawei gear, the vulnerable router isn't on their networks.

Both Vodafone and Spark are keeping an eye on the spread of internet worms targeting routers, and say they will deploy updates for routers, automatically and manually, if vulnerabilities pop up.

You can also log into your router and check for updates; most have some way to do this, but it depends on whether the device vendor has issued security patches.

If your broadband router is a few years old, check with your internet provider whether it can be swapped for a new model that's more likely to be supported with updates from the company that manufactured it.

For the more paranoid, there's always the option to switch off the router while away.
If you don't run gear like video surveillance cameras, phones or other devices that need the internet connection to be on all the time, switch it off.

That often has the added bonus of turning off the WiFi on the router, further reducing the attack surface both wirelessly and physically: with nobody at home, there's no radio-frequency beacon signalling to the world that there's IT gear to steal.

The continuing menace of Mirai and other malware attacks means internet providers and telcos will have to rethink what gear they put in customer homes.

Internet-borne attacks are extremely quick; analysing them, getting tested updates for customer premises equipment from vendors AND deploying them to hundreds of thousands of routers is a painfully slow process in comparison, leaving a large window of opportunity open for attackers.

Software-defined network (SDN) products like the Kiwi-developed Faucet controller are making waves around the world, and sit as a virtual layer above the hardware.

They can be used to detect attacks and, if needed, quickly reconfigure networks to deal with bad things happening, rather than waiting for firmware patches to be developed.

SDN should be on internet providers' radar in a world that requires much quicker reaction times than in the past, and where customers are at constant risk of being virtually burgled.