28 May

Are there any gaps in your settings? Defenseless Wi-Fi routers are targets that attackers can take advantage of

Almost every home with Internet access has a Wi-Fi router. Most of these small boxes sit covered in dust in a corner of the house. Few people notice that this small, defenseless router is the entrance to every networked device, including those of the connected home.

Devices such as laptops, mobile phones, security cameras and TVs connect to the Internet and to the local network through the router. But did you know that the biggest threat to the home network lies in the router itself, its gatekeeper? Attackers can exploit vulnerabilities in routers, break into home networks, and attack vulnerable connected devices.

Over the last two months, we scanned more than 4.3 million routers around the world. The results show that 48% of the routers have vulnerabilities. Today's security environment around routers is reminiscent of PCs in the 1990s, because simple vulnerabilities are discovered every day.

Why is the home Wi-Fi router the biggest vulnerability?

Compared with routers for business use, home Wi-Fi routers have more weaknesses and are easier to attack. This is because Internet service providers (ISPs), router manufacturers, and the security community have been negligent in identifying, investigating, and addressing these weaknesses.

Router manufacturers must keep their prices as low as possible while catering to both retailers and ISPs. A cheap home Wi-Fi router can be bought for about $20. Many manufacturers buy the "SoC" software that runs on the router, but are unlikely to fine-tune it. In other words, they do not invest in software lifecycle management, which means that needed updates are not provided. It can be said that at least hundreds of thousands of routers are still running fragile software and remain in use despite having problems.

Then there are the ISPs. Many ISPs provide routers they are familiar with so that they can easily troubleshoot for customers when problems occur.

When it comes to firmware updates, neither router manufacturers nor ISPs can be said to fully support their customers. Neither provides a mechanism to automatically update router firmware when security patches are made public, so users need to log in to the router's management screen to update the firmware. However, that process is itself a problem.


Two out of every five Japanese people do not know that the router has a management screen where they can log in to check and change the router settings. A survey conducted by Avast from November 30 last year to January 10 this year also showed that more than half of home routers used the originally set IDs and passwords, such as "admin" / "admin" and "admin" / "password".

The survey produced another worrying result. In Japan, only 1/3 of people have updated their router firmware, and only one in 10 people log in to the management screen at least once a week or at least once a month to check for updates. Perhaps most ordinary consumers don't even realize that routers need to be updated. Many people will think: smart TVs update automatically, so why should the router be any different?

What are the dangers of a home Wi-Fi router?

When an attacker breaks into a home Wi-Fi router, the entire home network and all devices on it are under threat. Attackers can do a lot of harm by abusing routers. Let's look at the specific risks and possible attacks involving the home Wi-Fi router.

DNS hijacking - attackers can decide which pages you visit

The Domain Name System (DNS) is a service developed to eliminate the need to remember the IP addresses that computers use to communicate with each other on the network. For example, remembering that google.com is 173.194.44.5 is cumbersome, so when you enter google.com in the address bar, you are connected to the server at that IP address. The computer asks a specific DNS server to translate the name into an IP address.

The address of the DNS server is usually provided automatically by the user's ISP, but can also be changed manually. If the attacker has access to the router, the address of the regular DNS server can be changed to the address of a malicious DNS server. Once such a change is made, the user cannot be sure whether the page they open is the legitimate one. A name may point to a completely different server controlled by the attacker, and the attacker may have built a fake website that looks exactly like the regular one.

If a user visits a site that does not use secure HTTPS, it is impossible to tell the difference. When credit information is entered into such a fake page, it is passed directly to the attacker. In some cases, when you visit a fake HTTPS site, the browser will warn the user that something is wrong.

Botnets - routers become soldiers and attack others

On many routers, some remote access features are enabled in the initial setup. Common ways to access a router remotely are a Secure Shell (SSH) server, a Telnet server, and a Web interface.

If the user does not change the initially set password, and the remote access service can be reached from the Internet, the router becomes a door that anyone can open. Once an attacker guesses a standard username and password combination (which is extremely easy considering that the initially set passwords are published on the Internet), the attacker can install any program on the router.

If the chosen program is a malicious bot, the router may become part of a botnet that performs distributed denial-of-service (DDoS) attacks, sends spam, attacks other routers on the Internet, and so on.