Is your home "router" okay? Be careful with high risk of cyber attacks

According to a security company's investigation into the device "router" used for wireless connection of personal computers, about 190,000 devices in Japan are in a state where they can be accessed from the outside via the Internet, and nearly 140,000 of them are already supported. I found that it was closed or not updated to the latest software.

Security companies warn that they are at high risk of being exposed to cyber attacks.

In the middle of this month, Tokyo security company "Zero Zero One" conducted a survey of domestic home routers and found that about 190,000 units were accessible from the outside.

When the type of device and software version were determined and analyzed from the communication reaction when trying to access, there were 6 devices for which the manufacturer has ended support or the software has not been provided for more than a year. It turned out that there are 6,757 devices and 94,070 devices whose software has not been updated to the latest version.

Excluding duplication, the number of such vulnerable devices is close to 140,000, which means that there is a high risk of being attacked by cyber attacks.

According to Zero Zero One, if these vulnerabilities are exploited, the router may be operated without permission or information may be stolen.

It can also be used as a "stepping stone" for DDoS attacks that are infected with malware and hijacked, sending large amounts of data all at once to bring down the system.

Yuichi Hagiwara, president of Zero Zero One, said, "I don't think many people think that the management screen of their router can be seen by anyone if they access it from the Internet. Be especially careful if you are using it. Do not continue to use it without changing the simple initial password. "

Victim woman "If it's an old defect ..."

A woman in her 40s living in Tokyo who was damaged by rewriting the connection destination of the router installed at home in 2018 said, "Suddenly my computer could not connect to the Internet, and at first I thought that the provider's failure occurred, but that's right. I didn't have any information and I didn't understand the reason. I was working from home, but I couldn't do it anymore. "

When a woman tries to connect to the Internet with a computer, "Privacy is not protected" is displayed on the screen, it is not possible to connect to the Internet, or malware that steals information that runs on an Android smartphone is downloaded. am.

She thought she was due to the router because she was able to connect to the internet normally using a wired LAN, and when she investigated, she noticed that the router software was out of date. That is.

She says that the woman was able to use the router in about three days by updating the software to the latest version, changing the password etc. and restarting.

The woman told the interview, "At that time, I didn't realize that there was a cyber attack from the outside, I just thought that the software was out of date and something went wrong. It was creepy to know that it was a cyber attack. I would like to consider replacing the router. "

Expert "Routers are always aimed"

If the router is vulnerable, it may infect malware, gain unauthorized access to the management screen, and even steal information.

We asked the research group of Associate Professor Katsunari Yoshioka of Yokohama National University to verify what kind of danger there is in a laboratory that imitates a living room.

The experiment used was a home router that was accessible from the outside and had the default settings so that the ID and password could be easily guessed.

First, when I connected the computer in the laboratory to the router and accessed the homepage of Yokohama National University, I was able to open the top page without any problems.

Next, I accessed this router from a computer in another room with the default ID and password, and rewrote the information so that the connection destination that normally connects to the provider's server is connected to another server prepared for the experiment.

When I tried to access the homepage of Yokohama National University from the laboratory computer again, the website for the experiment was displayed even though I was connected to the same URL.

In this way, the method of rewriting router information from the outside and guiding it to an unauthorized site to download malware to smartphones and steal information has been damaged one after another in Japan around the beginning of 2018, and router manufacturers are calling attention. I am doing.

According to Kaspersky Lab, an information security company, more than 92,000 attacks attempting to rewrite the information of the router's connection destination have been detected in the six months from August last year to this month.

The settings may be changed so that another IoT device such as a printer or WEB camera connected to the router can be operated from the outside from the management screen of the router.

In the experiment, lighting fixtures equipped with IoT technology that can be operated with smartphones were accessed from the outside and turned off all at once.

According to Associate Professor Yoshioka, in 2013, the vulnerabilities of routers were exploited to steal the authentication information of Internet service providers, disguising access from overseas as if it were from Japan, and being used for cyber attacks in Japan. It means that it was one after another.

Associate Professor Yoshioka said, "In our past experiments, when a router with weak security was connected to the Internet, the shortest one was infected with malware within 1 minute. First of all, the router is always targeted by cyber attacks. It's important to get people to recognize it and make sure that the firmware is up to date. "

How to use it safely?

3 measures

Associate Professor Katsunari Yoshioka of Yokohama National University explained that as a measure to safely use a home router,

(1) change the simple ID and password of the initial settings

(2) keep the software up-to-date

(3). For devices that are no longer supported,

we list three things to consider replacing.

Associate Professor Yoshioka and his group have launched a service called "amI infected?" That allows you to easily check whether your home router is vulnerable to cyber attacks and whether you are already infected with malware for free. rice field.

When you access the dedicated website through the router you want to check and press the "Start infection diagnosis" button, the router information is owned by the security company's vulnerability information detection system and Yokohama National University and the Information and Communication Research Organization. It is diagnosed by collating with the database of infection information of the Malware.

In addition to knowing vulnerabilities such as the software being out of date and old programs running that could trigger malware intrusion, it is also possible to diagnose whether or not you are already infected with malware. The results will be sent to the registered email address.

If a vulnerability is found, you will be notified by e-mail about specific measures to be taken, and the person in charge of the research group will respond to individual inquiries.

If an infection to malware is found, we would like you to take measures such as restarting the router to remove the malware and keeping the software up-to-date so that it will not be infected again.

Associate Professor Yoshioka said, "Because routers often continue to operate even after being attacked, they often do not notice. We launched the service with the hope that university research will actually help improve your security. Therefore, I would like you to check it out. "