NanoLock Uncovers Critical Security Vulnerability in Buffalo Connected Router

With the Internet of Things (IoT) abounding in residential, commercial, and governmental operations, connected devices have become the very epicenter of our society. These complex networks are founded on routers—whose already enormous number is expected to continue to rise in the coming years. A report from Mordor Intelligence forecasts that, by the end of 2020, “households worldwide will have more than 10.5 billion devices capable of connecting to their home Wifi router,” leaving ample game for hackers to prey on. Moreover, as the coronavirus pandemic surges on and more and more people continue to work from home (some, perhaps, permanently), the ground for attacks only ripens.

And it’s not just residential routers that are at risk; routers in governmental buildings, for example, are particularly attractive prey for hackers, as a manipulation in this arena could have serious global impacts. Consider, for instance, two countries who are already embroiled in a trade war, e.g., the United States and China; in this scenario, an attack on an adversary’s router is an all too tempting entryway to infiltrate and hijack the rival country’s connectivity.

It’s clear that routers are such desirable targets for hackers as they are a prevalent form of connectivity, ripe for interception, blocking, and DDOS; thus, it is most concerning that routers are also notorious for their vulnerability and susceptibility to attacks. Despite routers’ significance, they are relatively low-cost devices and, therefore, do not typically include the kind of robust security necessary to deflect persistent attacks. The vulnerability of the router has already been demonstrated by a history of attacks, e.g., the D-Link routers under attack in 2019, the VPNFilter malware that infected 500,000 consumer-grade routers in 54 countries in 2018, and the version of Mirai that knocked 900,000 Deutsche Telekom customers offline in 2016.

New Router Hack Discovered

On June 22 at InfoSecWorld 2020 Digital, NanoLock announced that a new hack has been discovered in a Buffalo Router (V 2.46) from Buffalo, a global provider of networking, storage, and multimedia solutions for the home and small businesses. The hack was discovered by Israeli cybersecurity innovator, NanoLock Security, who is exposing the vulnerability in its mission to emphasize the dire consequences of weak router security.

In 2019, NanoLock met with Buffalo’s R&D team to demonstrate the hack on their router, exposing how hackers use web admin to downgrade the router from the secured version (V 2.46) to V 2.34 and then use telnet access to hack the firmware. This hack is particularly volatile, as the V 2.46 contains a security patch that is supposed to address the vulnerabilities present in V 2.34.

There are millions of this specific Buffalo router in the market today, and the vulnerability exposed by NanoLock—and its severe consequences—also applies to millions of other routers. This vulnerability leaves millions of homes and business exposed to criminals who could access personal information, send users to fake websites, upload malware, or even compromise networks to attack other networks. In fact, the FBI has issued an official warning about foreign hackers using the VPNFilter malware to exploit connected devices, steal information, block network communications, and, ultimately, render routers inoperable. Unfortunately, the FBI also affirmed that this malware—and those similar to it—are difficult to detect and deflect.

Foiling Hackers with Flash-to-Cloud Protection

NanoLock demonstrated how the identified vulnerability in the Buffalo router can be secured by implementing the NanoLock flash-to-cloud cybersecurity solution.

• Hackers are blocked when they attempt to use web admin to downgrade the Buffalo router from the secured V 2.46 to V 2.34; an alert is also sent to the dashboard.
• Even if the hacker were to successfully downgrade to V 2.34 using the dashboard, the embedded flash protection would continue to safeguard the Buffalo router from further attempts to inject malicious code; an alert would also be sent to the dashboard per each attempt.

Breaking the Vicious Cycle

This flash-to-cloud concept ensures that all persistent changes to the device’s flash (i.e., its non-volatile memory) must be signed and authorized by a trusted server or management platform that is managed by the service provider, thus preventing hackers from gaining persistent access to the router. It is not enough to simply identify and remedy a specific vulnerability, as this will rarely solve the core problem, and there will inevitably be other security breaches in the future; rather, to fully protect routers from would-be hackers and escape the vicious cycle of ‘hack-and-patch,’ manufacturers must outfit their routers to block unauthorized persistency, thus preventing persistent hijacking and enabling their customers to detect attempted attacks and recover with a simple reset.

Safeguarding Routers with Protection, Cost Savings, Compliance, and Control

• Unique, passive prevention
• Real-time detection and notification of attempted attacks
• Reliable status alerts
• Validated OTA updates
• Collection of forensic data
• Processor- and operating-system-agnostic
• Compliance with regulation requirements
• Visibility of installed bases

To fortify their connected devices to reliably block outsider, insider, and supply chain attacks (even when other measures fail), manufacturers must take a different approach to cybersecurity, focusing on ways to address security vulnerabilities before they are exposed to ensure that their growing networks of routers will remain resilient in the face of attempted hacks.