Mountain View, Calif., April. 22, 2015 – Bkav Internet Security Corporation today releases an independent research which indicates 1.4 million routers worldwide are left unpatched against two long unearthed critical flaws. Dubbing it Pet Hole, Bkav says the issue is more dangerous than Heartbleed, the most notorious flaw of the year 2014.
Several security flaws in routers have been discovered and published widely. Many of them, rated critical, allow attackers to remotely take control of the system. However, no thorough fix has been made available, not to mention updating patches for routers is inherently much harder than updating software. Several users' routers might have not been patched at all. This inspired Bkav to conduct a research to examine security of 10,452,216 potentially vulnerable routers worldwide, and to provide users with a thorough and simple fix for the issue.
Below are the key findings of the research, which was carried out in 4 months from December 2014:
- More than 1.4 millions of routers worldwide are vulnerable to Pet Hole
- Indonesia, Egypt, Italy lead in number of vulnerable routers
- Most G8+5 members do not appear in the list of 10 countries with highest number of vulnerable routers
- More than 90% of vulnerable routers are homed in China
- China produces most but not many routers in this country are vulnerable
The research also indicates that Pet Hole is even more dangerous than Heartbleed. While Heartbleed requires expert knowledge in security to be successfully exploited, Pet Hole exploitation only needs basic skill. While it's easy to patch Heartbleed, patching Pet Hole is complicated. According to Bkav, with a few basic instructions, even users with little knowledge in security might successfully attack a vulnerable router without any difficulties.
Mr. Ngo Tuan Anh, Vice President of Internet Security, Bkav Corporation, stated: "Router is like the door connecting users to the Internet. More than 1.4 routers are vulnerable is not at all simple, especially when approaching the issue from nations' security. If a nation has conspiracy to track other nations, it can totally carry out the scheme via this gateway."
Bkav has built a tool for users to check the existence of Pet Hole on their routers, as well as to fix the hole. The tool is available at CheckRouter.net.
- Viet Nam cyber security overview in 2017 and predictions for 2018
- New variant of Mirai malware targeting IoT devices in Vietnam
- More than 5,000 Linux system in Vietnam affected by serious flaw Dirty COW
- Malware attacking Vietnam Airlines appears in many other agencies
- Warning on malware hijacking smartphones in fake Pokémon GO
- Luật ATTT mạng số 86/2015/QH13 ra đời năm 2015
- Nghị định 85/2016/NĐ-CP
- Chỉ thị 14/CT-TTg năm 2018
- CT 14/2019, BTTT-CATTT
- Công văn số 2973/BTTTT-CATTT năm 2019 Hướng dẫn triển khai hoạt động giám sát an toàn thông tin trong cơ quan, tổ chức nhà nước hướng dẫn CQNN
- Công văn số 235/CATTT-ATHTTT năm 2020 hướng dẫn mô hình bảo đảm an toàn thông tin cấp Bộ, Tỉnh.