Security of Hong Kong Home Routers
HKCERT published a security blog article "Some Home Routers in Hong Kong prone to security issues" in March 2015. The article attracted broad attention, and we solicited comments from the IT industry. We have since enhanced the data collection methodology, with a more objective way to select router brands and more precise filtering, so that the results more closely reflect reality.
HKCERT conducted a second study on 18 May 2015 (three months after the first study) using the new methodology, analyzing the same three areas:
- Commonly used Home Routers in Hong Kong that can be discovered by scanning,
- Discovered Home Routers with remote management service opened, and
- Discovered Home Routers with file transfer service opened.
Because a different method was used to collect data, the first area of analysis cannot be directly compared with the previous study. The second and third areas of analysis, which are not directly associated with the data collection method, can be compared with the previous study.
1. Commonly used Home Routers in Hong Kong that can be discovered by scanning
We chose ten home router brands common in Hong Kong and one open source firmware, DD-WRT. The following result was obtained:
Brand | Number of routers found |
Linksys | 7,826 |
Asus | 6,103 |
DD-WRT | 2,935 |
TP-Link | 1,817 |
Buffalo | 1,320 |
LevelOne | 778 |
D-Link | 532 |
Netgear | 502 |
TOTOLink | 224 |
ZyXEL | 201 |
Tenda | 23 |
Total | 22,261 |
The result was similar: Linksys, Asus and DD-WRT were the top three brands, with Asus rising to second place and DD-WRT dropping to third place.
2. Discovered Home Routers with remote management service opened
Amongst the 22,261 routers, some were found to have TCP port 22 (SSH) open. SSH is usually used for remote management.
SSH service | Number | Percentage | Percentage of previous study |
Closed | 15,649 | 70% | 74% |
Open | 6,612 | 30% | 26% |
Total number of routers | 22,261 | 100% | 100% |
The figures obtained in this study are close to those of the previous study. The percentage of routers with SSH closed decreased slightly by 4% (from 74% to 70%), and the percentage with SSH open rose to 30%.
Because SSH requires a username and password to log in, hackers can use a brute-force attack to try to gain access to an administrator account. Once successful, they can modify the router's settings and install additional tools on it. They can then use the router to launch network attacks or steal personal information.
In fact, the official firmware of most home routers does not provide an SSH service. Why were so many SSH services discovered? We estimate that these routers probably had their firmware replaced by the open source DD-WRT. Some DD-WRT firmware versions might have TCP 23 (Telnet) or TCP 22 (SSH) open by default.
3. Discovered Home Routers with file transfer service opened
Amongst the 22,261 routers, some were found to have TCP port 21 (FTP) open. FTP is usually used for file transfer.
FTP service | Number | Percentage | Percentage of previous study |
Closed | 20,440 | 92% | 89% |
Open | 1,821 | 8% | 11% |
Total number of routers | 22,261 | 100% | 100% |
The result was close to the last study, with a difference of 3%.
Because FTP requires only a username and password to log in, hackers can use a brute-force password attack on the router. If successful, the hacker can place any files on the router, including malware and botnet configuration files.
Some of these services might still be using the out-of-box passwords, so hackers could break in without much effort.
4. Recommendations
Security of home routers is often overlooked. The majority of users leave them running after the first installation without ongoing management. Over time, problems might appear. HKCERT advises home users to pay attention to the following points:
- Change the router's default password and factory settings to more secure ones.
- Check with the manufacturer for firmware updates and update the router regularly.
- Unless it is definitely required, do not expose the management page or any remote management services to the Internet.
- Turn off all unusual or unnecessary services (such as file transfer, virtual private networks, web server, etc.).
- If the manufacturer has stopped support for the router model, you should consider replacing it with a model that has continuing support.
- Please do not convert to open source firmware, unless you possess the knowledge to manage it.
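A self-check for the recommendations about exposed services, as an added example that is not part of the original HKCERT article: it tests one router address for the ports named above (TCP 21, 22 and 23) and lists any that answer. The function names and the script name are assumptions of this example.

```python
import socket

# The two services measured in the study, plus Telnet, which the article
# names as a possible DD-WRT default.
SERVICES = {21: "FTP", 22: "SSH", 23: "Telnet"}


def probe(host, port, timeout=3.0):
    """Return (is_open, banner) for one TCP port on one host."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                # FTP and SSH servers send a greeting line first.
                banner = conn.recv(128).decode("ascii", "replace").strip()
            except OSError:
                banner = ""  # port is open but nothing was sent in time
            return True, banner
    except OSError:
        # Refused, timed out or unreachable: not reachable from here.
        return False, ""


def audit_router(host, services=SERVICES, timeout=3.0):
    """Check one router address; return the services that answered."""
    findings = []
    for port, name in sorted(services.items()):
        is_open, banner = probe(host, port, timeout)
        if is_open:
            findings.append({"port": port, "service": name, "banner": banner})
    return findings


def report(host, findings):
    if not findings:
        return f"{host}: FTP, SSH and Telnet are not reachable from here."
    lines = [f"{host}: services to turn off or restrict to the LAN:"]
    for f in findings:
        detail = f" ({f['banner']})" if f["banner"] else ""
        lines.append(f"  TCP {f['port']} {f['service']} is open{detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        print(report(sys.argv[1], audit_router(sys.argv[1])))
    else:
        print("usage: router_check.py <your-router-address>")
```

To see what the Internet sees, run it against the router's public address from a connection outside the home network; a check from the LAN side only shows what local devices can reach.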
If you are interested in the first analysis result (data collected on 13 February 2015), you can access the following link: