Slightly more than one year after announcing its OnHub home router, Google this week took the wraps off some of the features it says makes the device more secure than most comparable consumer products.
OnHub is a router that Google claims supports WiFi for more than 100 devices at the same time.
It comes with features that let users prioritize bandwidth availability for different home devices based on use. It allows users to boost WiFi speed for particular devices by waving a hand over the device and lets them allocate a separate network for guests in a home.
The antenna design on OnHub routers and its integrated software are designed to constantly search airwaves for the fastest connections to ensure optimal performance, according to Google. Recently, Google announced a partnership with Philips Lighting as a result of which users can now use their OnHub app to control Philips’ Hue Lights in the home.
The company currently offers two OnHub models. One is from Asus and retails for $199.99, while the other is from TP-Link and sells for $179.99.
In a post on Google’s Security Blog this week, the company’s security engineering manager, Chris Millikin, outlined several features in OnHub that he claimed go beyond what is available on typical home routers.
Primary among them is the support in OnHub for automatic updates. Unlike most home routers and other network-enabled consumer devices, OnHub is designed to automatically receive and download software updates when they become available, Millikin said.
The capability is crucial for ensuring that regular maintenance fixes and security patches are applied to OnHub devices in timely fashion to mitigate risk of malicious exploitation. The automatic software update capability allowed Google to apply a critical security patch to its entire fleet of installed OnHub devices in just two days earlier this year without any user action, the engineering manager said.
OnHub devices also feature a Verified Boot capability similar to what’s available in Google’s Chromebooks and mobile devices running Android Nougat, the latest version of Google’s mobile operating system. The feature prevents OnHub devices that may have been compromised from booting up to ensure the malware does not cause further damage to the device.
In addition, Google engineers track the origins of all the chips, drivers and firmware that go into OnHub so the company is quickly able to zero in on the source of a problem, if one crops up, Milliken said. The same sort of due diligence is applied to ensuring that all open-source components used in OnHub are verified as being safe.
Google also harvests anonymized data from installed OnHub devices in order to be able to detect and respond to security threats quickly. “For example, since we know that DNS is often a target of attacks, we monitor DNS settings on all OnHub routers for activity that could indicate a security compromise,” Milliken said.
Google’s decision to open up about the security features in OnHub comes amid concerns that attackers are increasingly targeting insecure home routers.
In an alert last December, US-CERT warned consumers that the default configurations in most home routers are leaving home networks open to attack. “Home routers are directly accessible from the Internet, are easily discoverable, are usually continuously powered-on, and are frequently vulnerable because of their default configuration,” US-CERT noted in its alert. The characteristics make home routers the perfect target for cyber-attackers, it said.
Just last week, security blogger Brian Krebs said compromised home routers and other internet of things devices were used by an unknown attacker to launch what security experts have described as the largest ever distributed denial-of-service attack ever seen. The 620G-bps attack forced Krebs to take his site offline for several days.