Mountain View, Calif., April. 22, 2015 – Bkav Internet Security Corporation today releases an independent research which indicates 1.4 million routers worldwide are left unpatched against two long unearthed critical flaws. Dubbing it Pet Hole, Bkav says the issue is more dangerous than Heartbleed, the most notorious flaw of the year 2014.
Several security flaws in routers have been discovered and published widely. Many of them, rated critical, allow attackers to remotely take control of the system. However, no thorough fix has been made available, not to mention updating patches for routers is inherently much harder than updating software. Several users' routers might have not been patched at all. This inspired Bkav to conduct a research to examine security of 10,452,216 potentially vulnerable routers worldwide, and to provide users with a thorough and simple fix for the issue.
Below are the key findings of the research, which was carried out in 4 months from December 2014:
- More than 1.4 millions of routers worldwide are vulnerable to Pet Hole
- Indonesia, Egypt, Italy lead in number of vulnerable routers
- Most G8+5 members do not appear in the list of 10 countries with highest number of vulnerable routers
- More than 90% of vulnerable routers are homed in China
- China produces most but not many routers in this country are vulnerable
The research also indicates that Pet Hole is even more dangerous than Heartbleed. While Heartbleed requires expert knowledge in security to be successfully exploited, Pet Hole exploitation only needs basic skill. While it's easy to patch Heartbleed, patching Pet Hole is complicated. According to Bkav, with a few basic instructions, even users with little knowledge in security might successfully attack a vulnerable router without any difficulties.
User being attacked via critical flaw in router
Mr. Ngo Tuan Anh, Vice President of Internet Security, Bkav Corporation, stated: "Router is like the door connecting users to the Internet. More than 1.4 routers are vulnerable is not at all simple, especially when approaching the issue from nations' security. If a nation has conspiracy to track other nations, it can totally carry out the scheme via this gateway."
Bkav has built a tool for users to check the existence of Pet Hole on their routers, as well as to fix the hole. The tool is available at CheckRouter.net.
You can download the full research here.