Recent News - ESET analysis: At least 15% of home routers unsecured


2016-10-20

As a part of BETA versions of ESET Internet Security, ESET introduced a new feature, Home Network Protection. This feature has enabled users to scan their home routers for vulnerabilities, malicious configurations, exploitable network services and weak passwords.

Since its release in April, ESET has tested more than 12,000 routers of users who agreed to share their data anonymously with ESET for statistical purposes.

The analysis shows that almost 7% of the routers tested demonstrated software vulnerabilities of high or medium severity. Port scanning revealed that in many cases network services were accessible from internal as well as from external networks.

“In particular, unsecured services such as Telnet shouldn’t be left open, not even to local network, which was – unfortunately – the case with more than 20% of the routers tested,” says Peter Stančík, ESET Security Evangelist.

The results also prove that 15% of the routers tested used weak passwords, with “admin” left as the username in most cases.

“During the test, we tried common default usernames and passwords and also some frequently used combinations. It’s disturbing that more than one in seven of such simple simulated attacks was successful,” comments Stančík.

Most of the software vulnerabilities – slightly over 50% - that were discovered during testing by ESET Home Network Protection were bad access rights vulnerabilities.

The second most frequent vulnerability (40%) discovered by the ESET Home Network Protection test was a command injection vulnerability. Command injection aims for the execution of arbitrary commands on the host operating system via a vulnerable application, largely with insufficient input validation.

Nearly 10% of all the software vulnerabilities found were so called cross-site scripting (XSS) vulnerabilities that enable attackers to modify router configuration in order to be able to run a forged client-side script.

“The results collected by ESET Home Network Protection during BETA testing of ESET security solutions clearly show that routers can be attacked fairly easily, by exploiting one of the frequently found vulnerabilities. This makes them an Achilles heel for the overall internet security of households as well as small businesses,” adds Stančík.

On top of scanning routers and testing them for common vulnerabilities, ESET Home Network Protection also provides an easy-to-access overview of devices connected to a local network, categorizing them by type and time of connection. This helps ESET users to see how safe their networks really are.

 


 

About ESET
ESET®, the pioneer of proactive protection and the maker of the award-winning ESET NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the Company continues to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of the VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organisations and reviews. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.

ESET recently updated its two-factor authentication (2FA) application, adding a secure validation to weak and static user passwords. This updated version of ESET’s 2FA application provides flexibility and deeper integration of 2FA into bespoke applications, making it the best cost-effective solutions for SMBs everywhere.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries. For more information visit http://eset.version-2.sg/ or follow us on Facebook.

 

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. Headquartered in Hong Kong, the Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

For more information, please visit www.version-2.com.sg or call (65) 6296-4268.

Previous News Next News

Return to the previous page