With the government of India’s recent ban on 59 Chinese apps, the aspect of data security was brought to the fore. This was further coupled with the Maharashtra cyber cell stating a clear rise in Chinese cyber attacks. On this note, the aspect of protecting oneself against Chinese espionage has been underlined as a very important factor that everyone must take note of. To do so, however, it is important to stress upon our home Wi-Fi routers – the most common entry point to all of our data and internet activities. Given that a vast majority of network and telecom equipment, along with routers, are often made in China, the real question at hand is – are your made-in-China home Wi-Fi routers a bigger risk than the ‘Chinese’ apps that have been banned from India for the time being?
Understanding how backdoors work
The key to understanding whether Wi-Fi routers being made in China can pose a security threat lies in understanding what a router backdoor is. Explaining this is Saurabh Sharma, senior security researcher at Kaspersky APAC, who says, “Backdoors provide the author or 'master' of a trojan with remote administration of a victim's machine. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user.”
Why, then, do backdoors exist in routers, if they have posed such a serious threat for such a long time? The answer appears manifold. Sharma says, “It’s not always clear why such a backdoor might exist, but it may have been put there intentionally so that its maker could provide remote support or debugging mechanism for the product during its development process. Companies have done this in the past, and simply forgotten to remove the backdoors later.”
Dr. Sanjay Katkar, co-founder, CTO and joint MD of Quick Heal, delves into more details about this. As he says, “Backdoors are often present in routers from an incidental vulnerability point of view, and it is not that the router manufacturers left it deliberately. But, the make and the manufacturer of a router is very important to consider because in certain countries, many of the manufacturers do work with their governments as well. In such cases, it becomes important to understand whether these backdoors were not patched deliberately by the makers.”
Katkar underlines that studying the nature of backdoors identified in routers of different manufacturers can usually be a good indicator of state-sponsored cyber criminal and espionage activities. “In many of Quick Heal’s studies about state-sponsored attacks, we came to see that the backdoors were not zero day vulnerabilities, or even known to anyone including the manufacturers. It is here that it becomes a question of how did the attackers find the flaw. This is not directly indicating a link between the manufacturer and the government, but is certainly suspicious. In the past, for a number of APT attacks, we have seen the use of a router backdoor that was not known to anyone,” he adds.
Kaspersky’s Sharma states that depending on router makes and firmware, the gravity of threat extended by a router’s backdoor may vary. As he explains, “A backdoor that exploits a previously unknown bug in the system – a zero-day vulnerability – has significantly more chances of flying under the radar. Ordinary security solutions can’t recognise the system infection, and nor can they protect users from the yet-to-be-recognised threat. When this flaw is activated, the backdoor can allow attackers to download further malicious modules or steal data.”
Chinese routers vs Chinese apps
While Sharma declined to comment on any geo-specific threat extended by router manufacturers, he said that at least the perception of state-sponsored attackers are something that many other cyber criminals hide behind in order to bypass cyber security researchers.
Interestingly, Katkar gives a more robust explanation of the extent of the threat that can be extended by routers that are made in China, as against the threat that the banned Chinese apps represented. As he says, “Many backdoors found in Chinese telecom equipment (such as those made by Huawei and ZTE) have been published by developed nations, and security agencies have subsequently introduced patches and other safeguards against them. However, the greater threat here are the state-backed attackers, who may use advanced techniques to tap into any router backdoor manufactured by any router maker worldwide, which is the greater extent of the threat. The purpose, hence, is to use a gateway to tap into your data.”
“However, in case of the Chinese apps that were banned, the issue was that they were storing data of Indian users on Chinese servers, and using this data to serve targeted advertisements. The concern here is that we do not know if the data is being accessed by the Chinese government as well, in which case the problem is bigger,” Katkar sums up.
Underlining this, Katkar says that the key to countering this threat is user education and awareness on cyber security, which Sharma also agrees with.
What you can do
Sharma says that the real culprit here is the dumbing down of the internet setup process by manufacturers. “Router manufacturers and ISPs have been trying to make Wi-Fi set up as easy as possible — and in the security business, we know e-a-s-y spells trouble,” he says.
As part of his recommendations for best practices, Sharma states that users must avoid elements such as one-click easy setup of routers, and go through all the settings for a more secure setting up of home internet services. Among the biggest mistakes that users do include changing the login credentials of the router at home, disabling remote router management from router settings, setting up a separate guest network to avoid sharing your personal SSID details, and enabling the strongest available encryption standard as well as a strong, complicated password for all network purposes.
Finally, both Katkar and Sharma underline the importance of checking for router updates regularly, and applying the security patches to cover any pre-existing zero-day vulnerabilities. Given the frequency at which such threats are detected and reported nowadays, coupled with the threat of state-backed cyber espionage by other nations, it is critical for users to do so.
Comments
0 comment