Summary:

• eero routers remain secure, despite a number of malware attacks focused on hacking consumer routers in the past few years. eero is built with additional layers of security to ensure that every customer is safe and secure.

• Last week, researchers from Cisco announced that the impact of the VPNFilter router-based malware attack was much worse than expected.

• Not only did it affect over 500K routers in 54 countries, but the list of affected routers more than doubled from initial expectations – including top router manufacturers Netgear, Linksys, and Ubiquiti. eero was not affected by this hack.

• VPNFilter has the potential to not only hack into a customers’ network, but also to intercept and modify web traffic, overwrite software on third-party devices, and allow a third party, most likely a foreign state actor, to manage and control customers’ networks going forward.

• This attack is part of a growing trend of hacks affecting consumer routers by malicious actors.

• For those who care deeply about digital security, eero offers an additional subscription service — eero Plus — to further protect you and your family online.

Updated June 13, 2018

Last week, Cisco updated their assessment of a malicious hack called VPNFilter — an attack that affects over 500,000 homes, in over 54 countries. It was much worse than originally expected.

Originally suspected to only affect 11 types of router, VPNFilter has been detected on 17 types of routers (not eero) including those made by Netgear, Linksys, D-Link, Ubiquiti, Asus, and Huawei.

While experts first thought VPNFilter only gave attackers access into a customer’s network, which would allow an attacker to reach and access information from devices on a network, researchers now believe this malicious attack also allows third parties to control customers’ home networks. When done, an attacker can not only access and control connected devices but also modify consumer web traffic or delete software on affected devices.

What makes many routers insecure while eero remains safe?

In the case of VPNFilter, traditional routers are vulnerable at a number of different points. That includes the ability to attack public web interfaces and insecure devices connected to the network, and exploit unpatched software vulnerabilities and weak or default passwords – all vulnerabilities that just don’t exist on eero. Once a vulnerability has been exploited, hackers can replace the software on the device for any number of malicious purposes.

With eero, none of these attacks work. eero networks have no web interfaces, either public or private, so they cannot be attacked by common web application security issues such as cross-site scripting or cross-site request forgery. They also have no default passwords, so hackers can’t simply type “admin” into a text field and gain administrative access to your network. Nor do they have any passwords at all – access to an eero network requires a one-time password during login which is communicated directly to the account owner when necessary, so there’s no danger of an insecure password that you set up in a hurry years ago coming back to haunt you.

Even if a hacker were somehow able to get access to your account, there’s no way of telling an eero to download a malicious software image over the internet – software updates are controlled by the eero cloud, where eero monitors them for tampering, and eero devices will refuse to load updates that the cloud hasn’t vouched for.

Originally published April 18, 2018

In the last month, there have been a number of attacks on consumer routers in the U.S., putting many peoples’ personal data and information at risk.

This follows a recent filing by the U.S. government disclosing a potential hack led by state-sponsored Russian hackers attempting to access and capture US and UK residents’ internet usage data. In both cases, investigators suspect that the devices affected were compromised by exploiting outdated protocols or software packages containing known vulnerabilities, for which no software updates had been applied as most consumer routers require consumers to take this action themselves.

At eero, thanks to our automatic and regular software updates as well as a number of other security measures built into our devices and software, we are confident that our customers were not affected by the most recent hack. We know how important it is to have a WiFi network customers can trust and keeping our systems safe and secure is a top priority.

How do we ensure eeros are secure?

Security is at the forefront of our hardware and software — and has been since we first launched.

Security built into every device includes:

• Hardware and software that we design from the ground up. When eeros are assembled, we validate the security of our software and can prevent loading third-party software or applications carrying malicious bugs on these devices. That’s not the case with many other routers.
• Network and product validation during setup. When customers add eeros to their network, we run multiple checks to validate the authenticity of that product and can prevent a counterfeit product from connecting to your network.
• A controlled and protected connection to our cloud. Software updates are only distributed from the eero cloud, and updates are checked for authenticity before installing, ensuring that eeros continue to run trusted and verified software.
• When needed, rapid security updates. With automatic updates, eero networks remain proactively protected against new security vulnerabilities, such as KRACK.

Alternatively, many other home routers continue to be at risk. Without automatic security updates, other systems are often out of date and lack the latest security protocols, and many systems make it easy for the firmware to be modified or added, which could leave them unexpectedly susceptible to vulnerabilities.

Take your network security up a notch

While we have done a lot to ensure our customers’ network safety and protection while online, it is important to always remain vigilant about any websites you visit or emails you open. The good news is that with our premium subscription service, eero Plus, we add another extra layer of protection for you and your devices from mistakenly accessing malicious websites, viewing unsuitable content, and even preventing your IoT devices from joining potential botnets.

If you already have an eero network and are interested in joining eero Plus, you can now easily sign up by purchasing through eero.com.