BENGALURU, Karnataka — If you're using Wi-Fi in your home, the Internet connection is very likely 'hacked', and the real question is by whom, and what for, multiple recent studies show.
"Most people aren't tech savvy and don't change the default equipment and the default settings, and this is a real problem," said Saravanan K, a Bengaluru-based consultant working on security solutions for businesses. "You see this all the time with security cameras—people leave the usernames and passwords at the manufacturer setting, and then anyone who knows the IP address can log into them over the Internet. The same is often true with Wi-Fi routers, many people don't understand them at all."
Saravanan works largely with small companies that did business offline and are now moving online. According to him, infrastructure tends to be a major weakness for such companies because the people working there are not trained in security. However, the risks hold for all home Wi-Fi users as well.
For instance, cybersecurity firm Banbreach recently published research showing that nearly 30,000 routers in India are infected with cryptojacking malware, which makes use of your network resources to mine Bitcoin and other crypto-currencies—essentially wearing out your computer, in order to make money for someone else. This number, Banbreach said, has more than doubled in a month, with the numbers in the top three cities growing by 500%.
Another study, by Chinese cybersecurity researchers Netlab 360, showed that India has the most home routers infected by BCMPUPnP_Hunter. This malware has created a botnet with over 100,000 routers and uses it to send countless spam emails, and could do even more. China and the USA both have a high number of infected devices, but the number is almost ten times higher in India.
This particular malware affects routers using a chip from Broadcom, which covers most brands sold in the country.
My Wi-Fi router is hacked. So what?
The way a botnet attack works, the person whose router has been infected won't be attacked directly, notes Saravanan. "They're basically using your home as a base of operations to attack other people. So they don't want to take down your computer or do anything else that will get them noticed, they want you to stay online and active," he explained. In such a scenario, is this actually a problem for home users?
"Absolutely. What's happening is that your Internet bandwidth is being consumed, so your streaming might seem slow, or your data limit might be hit sooner than expected, costing you real money," said Saravanan. "And apart from that, the other downside is that attacks like credential stuffing are being powered by your network, and that's going to hurt other consumers like yourself."
But there's not much that the average user can actually do to be safe. "Today, the complexity and variety of attacks is growing rapidly. One of the areas which we've seen a big increase is attacks against APIs, which are much more difficult to protect from, because there's no browser," explained Fernando Serto, head of security technology and strategy at Akamai, a content delivery network and one of the world's largest distributed computing platforms. Akamai sees up to a third of all traffic on the Internet and it has been building a number of different solutions for companies to protect themselves from these kinds of attacks.
"Botnets have been particularly active in the financial sector and in retail, and today we're offering solutions like device information tracking, machine learning heuristics, and also physical biometrics, such as how you swipe on the screen, or how you type," he said. Consumers, on the other hand, don't have the same kind of coverage.
"Big vendor routers are very vulnerable, and there was at least one instance where the vendor promised to release patches after an exploit was found, and then only released one, and that after eight months," he said. "There was research from IBM that said that the only way that customers can protect themselves is by buying new hardware."
The bad guys are getting smarter
It's important to know that these kinds of botnets are growing and spreading, and will affect your other devices too, where the impact can be much more problematic. For example, at the end of 2017, a consortium of tech companies including Akamai uncovered the WireX botnet, which was targeting Android devices. According to Statcounter, Android accounts for 89.7% of all smartphones in India, while iOS covers 2.9%. Firefox OS, Tizen, and others make up the remainder.
"What they did was they offered a software for games on the Play Store to offer ads, and they were in the background also bringing in the malware required to attack other networks. This infected over 120,000 different devices around the world, and was used to DDoS websites."
DDoS (Distributed Denial of Service) attacks are—very very simply—when you overwhelm a targeted website by sending thousands of fake visitors per second, until their server can't handle the load and goes offline. "What was smart was, earlier, if your phone was slow, it was getting hot, you would notice something was wrong, and maybe reset the phone, or do a malware scan, or something right?" Serto said. "But what they did was, they would only run when the screen was off, and the phone was on the charger, so that the heating up, and the draining battery, would not be seen."
These changes made the attack much harder to detect by users, and helped it fly under the radar for longer. And these problems are likely to increase over time. "IoT is going to get so much bigger, and although Apple is a more secure ecosystem, it's not foolproof either. Also, right now, the volume is still significantly higher on home hardware, mobile is still a smaller percentage, but that just means there's much more room to grow," Serto said.
"It's like military escalation, you know?" said Saravanan. "Security guys come up with fixes. Then the hackers come up with some way of breaking around that. Then we come up with more fixes and they come up with more exploits. It's a constant game of one-upmanship."