
How Wireless Routers Were Hacked into a DDoS Army

17 January 2018 by Al McCloud

What the Huawei HG532 router teaches us about IoT security.

Arguably the first ‘Internet of Things’ device was created back in 1991 at the University of Cambridge. It was called the ‘Trojan Room coffee pot’ – it was a camera, connected to the computer lab’s network, which allowed everyone in the lab to check the coffee pot without getting up.


The feed from the ‘Trojan Room coffee pot’ by Quentin Stafford-Fraser

It was a big deal for students who loved coffee in the 90s, and it would become immortalised as the inspiration for the first ever commercial webcam. Since then we’ve not looked back, and it’s common to have a range of smart devices in our homes and businesses.

We’re extending the internet into the real world with the likes of cameras, sensors and fridges, and this is great for the advancement of tech, but we all know that the internet-at-large is not always a safe space. Bringing more devices online means that the real world is a little less safe from cyber-attackers.

Such is the case in the last few weeks, as a hacker demonstrated their ability to turn a consumer-grade smart device, in this instance a wireless router, into a member of their digital dark army.

‘Nexus Zeta’

The perpetrator of the attack is still unknown, though they have left behind some clues. Check Point researchers suggest the hacker goes by the name of ‘Nexus Zeta’, an amateur who found all the information they needed to carry out the attack in online forums, but that it’s also possible it was the work of “advanced nation-state perpetrators” and “notorious threat gangs.”

IoT Botnets

Whoever is responsible would need plenty of devices to perform their DDoS attack, a technique which sends tidal waves of traffic to an address in order to buckle the hosting solution and take websites and apps offline.

As you can imagine, getting your hands on this many devices isn’t practical, which is why cyber-attackers use software like Mirai to turn innocent devices into members of the DDoS army.

This collection of zombie devices is known as a botnet, a robot network. These botnets are commonly tasked with generating malicious traffic, spamming inboxes or carrying out DDoS attacks.

This particular wireless router is the latest IoT device to be drafted, thanks to a remote code execution vulnerability and Mirai.

Mirai Mirai on the wall

Mirai (未来) is Japanese for ‘the future’

The Mirai source code, which forms the bedrock of this attack, is widely and publicly available in forums. That’s why cybercriminals are able to experiment with variants of the code, exploiting all sorts of internet-connected devices and pressing them into carrying out their bidding.

An investigation by Incapsula found that over half of all the devices used in a DDoS attack on a US college came from the same brand of internet-connected digital video recorder.


The router in question

Huawei HG532

The majority of Huawei wireless routers are likely sat in the homes of unsuspecting users, and unlike a computer, it’s not easy to update the operating system that keeps your IoT devices ticking. What’s more, because these devices are bought and sold without customer details attached, it is also difficult for Huawei to get in contact with the end-users and direct them to apply the update.

And, even if that were possible, your average internet user would really struggle to understand a router’s interface and the steps necessary to apply a patch, particularly if that meant sacrificing their own internet for an hour or two.

All this adds up to the fact that most of these devices will likely stay vulnerable, and users might not even notice a difference in performance.

Commenting on the vulnerability, Huawei has issued the following advice:

Customers can take the following measures to circumvent or prevent the exploit of this vulnerability. For details, consult the local service provider or Huawei TAC.

(1) Configure the built-in firewall function.

(2) Change the default password.

(3) Deploy a firewall at the carrier side.

The IoT threat

If, like most of us, you’ve been snoozing your OS update notifications, you’ll know that it’s not easy to persuade the average human to update their machine, but that’s child’s play when compared with updating an IoT device over-the-air, particularly because there’s not even a screen to bug you.

This latest exploit once again brings up a conversation about IoT security, and where the responsibility lies to properly protect internet-connected devices from malware, and protect users from infected devices.

How to protect your business from the attack

Whilst attacks from this wireless router, and from other IoT devices, could make for a messy and prolonged future, you can immediately protect yourself and your business from attack with a robust DDoS security solution.


DDoSX® investigates all attacks and generates a unique fingerprint for each attack, identifying and redirecting this traffic away from your webserver, keeping your business online and functional.