The massive attack the Internet recently suffered showed clearly that many devices spread across the Internet can be used for improper purposes. A study report found that at least 15% of home routers are vulnerable to such attacks.
Study Report: At Least 15% Of Home Routers Are Unsecured
The attack that the Internet suffered last Friday showed clearly that many devices spread across the Internet can be used for improper purposes.
These devices are vulnerable and can easily be used to carry out attacks. The problem is so large that 15% of routers can be attacked simply because they use simple, easily guessable passwords.
A study by ESET evaluated 12,000 home routers and found security flaws that their users were not aware of.
Weak Passwords On Routers
The most common flaw, which affects 15% of these devices, is the use of weak passwords that can be guessed easily, so there is no need to resort to more complicated attacks. The most commonly used username is the well-known “admin”, which makes it very simple to get into these devices and then use them to carry out attacks on the Internet.
In addition to this easy access to the management interfaces, other services are exposed, and they too have simple access passwords and users with elevated permissions.
Apart from this problem, there are gaps in the implementations of services, which leave them vulnerable and exposed to attack. The study found that the vast majority of these routers, over 50%, have problems with access permissions.
The second biggest problem found, at 38%, is the possibility of injecting commands into the routers, which then provides access to protected areas. Last comes the XSS (cross-site scripting) problem.
ESET’s study also revealed some very basic flaws, easily detected with a simple search for open ports on the device, as many services are accessible over the Internet and have flaws. The most glaring of all was telnet, which was present in 20% of the devices.
The security measures are well known: use strong passwords and restrict access for all non-essential users. However, ongoing updates and vulnerability research should also be carried out periodically to avoid this type of attack.
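The simple open-port check the study refers to can be run against a router you own to see which management services it exposes. The script below is an added example, not code from ESET or from this article; the port list, the severity labels and the gateway address `192.168.1.1` are assumptions.

```python
import socket

# Management services a home router should not expose unnecessarily.
# Ports follow the standard assignments; the list itself is an assumption.
MGMT_PORTS = {22: "ssh", 23: "telnet", 80: "http admin", 443: "https admin"}
# Services that send credentials unencrypted are flagged as "high".
CLEARTEXT = {"telnet", "http admin"}


def is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def audit_router(host, ports=None, timeout=1.0):
    """Check your own router for reachable management services.

    Returns a list of (port, service, severity), one entry per open port.
    """
    ports = MGMT_PORTS if ports is None else ports
    findings = []
    for port, service in sorted(ports.items()):
        if is_open(host, port, timeout):
            severity = "high" if service in CLEARTEXT else "review"
            findings.append((port, service, severity))
    return findings


def report(host, findings):
    """Format the findings as a short text report."""
    lines = [f"Management services reachable on {host}:"]
    if not findings:
        lines.append("  none found")
    for port, service, severity in findings:
        lines.append(f"  {port}/tcp {service}: {severity}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Assumed, typical LAN gateway address; replace it with your own router's.
    gateway = "192.168.1.1"
    print(report(gateway, audit_router(gateway)))
```

Run it once from inside the home network and once against the router's public address from an outside connection: a service that answers on the public side is one to disable or restrict.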