Hackers crack a Wi-Fi password within one minute and steal user information.
The National Internet Emergency Center (CNCERT) warned last weekend that a variety of mainstream router products currently on the market have backdoors, through which they may be taken over by hackers and leak personal information. Recently, a netizen demonstrated how to use hacking software to crack the Wi-Fi password of a router within one minute and steal Weibo accounts and online banking information within five minutes.
Mainstream router brands such as Cisco exposed as having backdoors
Last weekend, the National Internet Emergency Response Center (CNCERT) published the "2013 China Internet Network Security Situation Summary", which showed that router products from many manufacturers have backdoors; attackers may be able to exploit these vulnerabilities to take control of the devices, endangering online security.
According to the report, analysis and verification by the National Information Security Vulnerability Sharing Platform (CNVD) found that router products from many manufacturers, including D-Link (Youxun), Cisco, Tenda, Linksys and Netgear, have backdoors. Hackers can directly take control of the router and launch DNS (Domain Name System) hijacking, information theft, phishing and other attacks, directly threatening the security of users' online transactions and stored data and turning the affected products into security "mines" that can be detonated at any time. Taking some D-Link router products as an example, attackers can obtain full control of the router through the backdoor. CNVD analysis found that D-Link routers affected by the backdoor account for at least 12,000 IP addresses on the Internet, affecting a large number of users.
According to CNCERT, CNVD promptly reported the threats to the relevant vendors and issued warnings to the public. However, as of the end of January 2014, some vendors had still not provided security solutions or upgrade patches. "Routers and other network devices often go unnoticed as public network outlets, but their security not only affects the normal operation of the network, but may also cause leakage of enterprise and personal information."
A backdoor is generally a program, placed in software for some purpose, that is not known to outsiders; through the backdoor, attackers can bypass the software's security mechanisms and directly obtain control. Some insiders at telecom equipment manufacturers told reporters that some router manufacturers reserve a super-administrator privilege on their products during development to facilitate future debugging and testing. Normally this super-administrator privilege is not easily discovered by outsiders, but once hackers discover and crack it, they can directly control the router remotely.
User demonstration: taking over a social media account in 5 minutes
Recently, the netizen "Evi1m0" demonstrated a router-hijacking case, simulating a "hacker" who, using cracking software downloaded for free from the Internet, successfully logged on to a neighbor's Wi-Fi network in the time it takes to drink a cup of coffee.
At the reporter's residence, "Evi1m0" opened password-cracking software on his computer. Among the 33 wireless networks it found, he clicked on the reporter's home Wi-Fi and imported a password dictionary to start cracking. About a minute later, the software displayed a string in red characters below the network, which was exactly the same as the Wi-Fi password the reporter had set. He then connected his own mobile phone to the router's network.
Once connected, he opened a hacking tool and entered the router's web management interface, where all electronic devices connected to the Wi-Fi were displayed. He "hijacked" the Weibo session logged in on one of the computers: the tool's management interface on his mobile phone immediately generated a Weibo link, and with a single click, without any account name or password, the phone automatically logged in to that person's Weibo account on the web version, where it could freely publish and delete personal information.
Reporters found that the entire process took less than five minutes. "Evi1m0" said that the hacking software can also automatically record all account passwords entered by the other party, including personal online banking information.
Backdoor possibly reserved by the manufacturer
"Router hijacking happens every year, but major manufacturers often fix it only when vulnerabilities are exposed; at ordinary times, technical personnel are not brought in to check product firmware for vulnerabilities. Security awareness in the industry is insufficient," said a senior person from a router manufacturer.
Some experts pointed out that users bear responsibility for failing to change the router's initial password promptly, but the router manufacturer also has an unshirkable responsibility: "The manufacturer should assign a random password to each router when the product leaves the factory, instead of simply setting a weak password like 12345."
But what is more worrying is the product itself. Wang Chuyun, founder of Polar Router, told reporters that the mainstream products of router manufacturers currently have a super-administrator privilege. Where security measures are weak, this gives hackers the greatest convenience in hijacking routers.
"Many traditional vendors generally reserve this privilege during product development for future testing and debugging purposes. However, this is similar to the Android system: once hackers exploit the vulnerability to gain administrator privileges, all the protection measures become meaningless."
D-Link, a well-known manufacturer, has left just such a serious backdoor in many of its mainstream router products. "The vulnerability we detected is that by using the key roodkcableo28840ybtide, you can log in remotely and easily obtain management privileges on most D-Link routers," Cosine told reporters. D-Link's firmware was provided by AlphaNetworks, a subsidiary of the US company; Joel is that company's R&D technical director, and when the string is reversed it happens to read "edit by 04482 joel backdoor" (the backdoor edited by Joel).
"This kind of backdoor program left by the manufacturer itself is actually named after the R&D personnel. It is so obvious that it is entirely possible the manufacturer did it intentionally."
According to data from ZoomEye, around 63,000 D-Link devices with this defect are in use globally, spanning China, the United States, Canada and Brazil. In China, about 100,000 TP-Link routers have backdoor defects, resulting in millions of affected users.
Many foreign manufacturers buy chips directly and do not pay enough attention to security
Foreign big-name routers such as D-Link (Youxun), Tenda and Cisco have many users in China, and the news of security vulnerabilities in routers has worried them. Netizen "Wangmit" said: hurry up and switch to a domestic brand.
However, some netizens said that the security vulnerabilities in routers are not the manufacturers' fault. "Although I do not know much about the technology, the backdoor is not reserved by the manufacturer; it is undesirable elements who exploit it to implant Trojans and patch the software," said "Fabrice".
According to industry insiders, router firmware, as an embedded operating system, receives little attention on home gateways and other consumer devices; all major router manufacturers purchase mature solutions from upstream chip manufacturers and third-party software companies and do secondary development on that basis.
"Well-known manufacturers such as TP-Link and Tenda have basically bought firmware from third-party companies and done secondary development on the systems provided by the chip manufacturers. When supplying their products, chip manufacturers such as Broadcom and MTK also integrate a fairly basic underlying operating system to demonstrate all the functions of the chip, which each vendor takes back for development. However, many vendors simply buy a system to save trouble and bring it to market after slight adaptation," a router vendor said.
At present, major manufacturers pay more attention to the security of enterprise-level high-end equipment, while the household gateway market, with its large shipment volume, is often taken lightly: "However, hackers have been focusing on this niche system since last year, which major vendors never imagined before."
According to this person, the cost of such a router operating system is low. It is calculated as a licensing fee, and the system cost per device is less than a few cents; manufacturers with huge shipments can even negotiate billing by the minute. "This is the root cause of the problem. Because everyone uses firmware solutions from those companies, once a vulnerability exists, no one can escape it."
Reminder: how to prevent a router from being hijacked
How can ordinary citizens prevent the increasingly serious problem of router hijacking in daily life? Expert tips:
1. Change the router administrator login account and password. Do not use the default admin account; change the username and set a high-strength password;
2. Select WPA2 encryption for the Wi-Fi network. The password should be more than 10 characters long, preferably a combination of uppercase and lowercase letters, numbers and special characters; this greatly increases the difficulty of hackers cracking the password over the network;
3. Change the router's default management IP address to a non-default one, and enable the router's MAC address filtering function so that only known devices can connect;
4. Install security software with ARP LAN protection to prevent hijacking by hackers;
5. Log in to the router management backend to check whether unknown devices are connected to the Wi-Fi; if so, remove them promptly;
6. Do not tell untrusted people your wireless password;
7. Do not "jailbreak" or "root" mobile devices, and do not use them to connect to wireless networks behind unknown routers;
8. Disable the router's WPS/QSS function.
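As an added example (not part of the original article or any vendor's software), the following Python script turns the expert tips above into an automated audit of a router's settings. The configuration keys, the two sample configurations (one weak, one hardened), the default-account and default-IP lists, and the constructed wordlist are all assumptions for this example; real routers expose these settings under vendor-specific names in their web management interface.

```python
import re
import secrets
import string

# Constructed sample configurations. Key names are an assumption for this
# example; they do not correspond to any particular router's settings page.
WEAK_CONFIG = {
    "admin_user": "admin",           # tip 1: default account
    "admin_password": "12345",       # the weak password quoted in the article
    "wifi_security": "WPA",          # tip 2: not WPA2
    "wifi_password": "password",
    "management_ip": "192.168.1.1",  # tip 3: factory default
    "mac_filtering": False,          # tip 3
    "wps_enabled": True,             # tip 8
}

HARDENED_CONFIG = {
    "admin_user": "gateway-owner",
    "admin_password": "Rk7$vQ2!mZp9#xLw",
    "wifi_security": "WPA2",
    "wifi_password": "Tq8!cR4@nVb7&kMs",
    "management_ip": "10.27.140.1",
    "mac_filtering": True,
    "wps_enabled": False,
}

# Assumed lists of common factory defaults (constructed for this example).
DEFAULT_ADMIN_USERS = {"admin", "root", "user"}
DEFAULT_MANAGEMENT_IPS = {"192.168.0.1", "192.168.1.1", "192.168.1.254"}

# Constructed wordlist standing in for the dictionary used in the demonstration.
COMMON_WORDLIST = ["12345", "password", "admin", "12345678", "qwerty"]


def password_is_strong(pw: str, min_len: int = 11) -> bool:
    """Tip 2: more than 10 characters and all four character classes present."""
    classes = [
        re.search(r"[a-z]", pw),
        re.search(r"[A-Z]", pw),
        re.search(r"[0-9]", pw),
        re.search(r"[^A-Za-z0-9]", pw),
    ]
    return len(pw) >= min_len and all(classes)


def in_wordlist(pw: str, wordlist: list[str]) -> bool:
    """A password present verbatim in a wordlist falls to a dictionary attack."""
    return pw in wordlist


def audit_router_config(cfg: dict) -> list[str]:
    """Return a list of findings; an empty list means every checked tip is met."""
    findings = []
    if cfg["admin_user"].lower() in DEFAULT_ADMIN_USERS:
        findings.append("tip1: default administrator account name in use")
    if not password_is_strong(cfg["admin_password"]):
        findings.append("tip1: administrator password is weak")
    if cfg["wifi_security"] != "WPA2":
        findings.append("tip2: Wi-Fi is not using WPA2")
    if not password_is_strong(cfg["wifi_password"]) or in_wordlist(cfg["wifi_password"], COMMON_WORDLIST):
        findings.append("tip2: Wi-Fi password is weak")
    if cfg["management_ip"] in DEFAULT_MANAGEMENT_IPS:
        findings.append("tip3: management IP is a factory default")
    if not cfg["mac_filtering"]:
        findings.append("tip3: MAC address filtering disabled")
    if cfg["wps_enabled"]:
        findings.append("tip8: WPS/QSS enabled")
    return findings


def unknown_clients(connected_macs: list[str], known_macs: set[str]) -> list[str]:
    """Tip 5: connected devices whose MAC address is not on the owner's known list."""
    return [mac for mac in connected_macs if mac.lower() not in {m.lower() for m in known_macs}]


def generate_password(length: int = 16) -> str:
    """Produce a random password that satisfies password_is_strong()."""
    alphabet = string.ascii_letters + string.digits + "!@#$%&*?"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if password_is_strong(pw):
            return pw


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_router_config(cfg) or 'no findings'}")
    # Constructed MAC addresses: two devices the owner knows, one that is not.
    print("unknown:", unknown_clients(
        ["AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02", "DE:AD:BE:EF:00:99"],
        {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}))
    print("suggested password:", generate_password())
```

The audit covers the settings a user can check on the router itself (tips 1, 2, 3, 5 and 8); tips 4, 6 and 7 concern the user's own devices and habits rather than the router's configuration, so they are not checked here.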