Indian consumers who practice poor router security are at high risk from cyberattacks designed to take over their connected devices, steal passwords and gather other sensitive personal information, a study has revealed.
New research from digital security provider Avast carried out July, polling over 1,044 consumers in the country states that 32 per cent of Indians have never logged into the web administration interface to change the factory login credentials.
Another finding is that nearly one fourth (23 per cent) of Indians have logged into their router’s web administration interface, but continue to use the default login credentials their router came with, the study said.
According to the research, only 44 per cent of Indians have changed the login credentials of their router’s web administrative interface. Of those who logged into their router’s web administration interface, 65 per cent surveyed have never updated their router’s firmware.
The research was carried out to better understand the public’s knowledge of router security which is often overlooked as people pay more attention to the devices they are using, it stated.
In May, an estimated seven lakh routers around the world were diagnosed as vulnerable to malware with SSL stripping capabilities. Known as VPNFilter, this modular malware contains man-in-the-middle (MiTM) attack capabilities designed to inject malicious payloads into web traffic, the study said.
It has the capability to scan incoming and outgoing web traffic on the user’s network to collect passwords and other sensitive information. To date, routers in 54 countries are affected, including Linksys, NETGEAR, D-Link, Huawei and Asus models, it added.
It was also recently reported that the Satori botnet, a botnet that infects IoT devices using them to carry out DDoS attacks and to mine cryptocurrencies, is spreading by exploiting a vulnerability in D-Link DSL routers.
The research illustrates how attacks can take advantage of people’s lack of understanding of router security. Thirty-three percent of Indian consumers admitted to logging into their router’s interface once a year or less to check for updates, while 39 per cent said they had no idea their routers even had firmware – the pre-programmed software etched into hardware which requires updating to incorporate security patches.
“An individual’s local network is only as strong as the weakest link in the chain, and more often than not it is the router that is the greatest point of vulnerability, As a bare minimum, people should be changing the default usernames and passwords on their routers as soon as they’re installed, and proactively check for firmware updates,” said Security Researcher at Avast, Martin Hron.