BENGALURU — Indians lack knowledge about router security practices, which makes them vulnerable to cyberattacks that are designed to gather sensitive information, according to a research report by Avast, a global leader in digital security products.

The research report was based on a survey carried out in July 2018 covering 1,044 consumers in India on their knowledge on router security.

The research report stated that around 32 per cent of people have never logged into the web administration interface to change the factory login credentials. About 23 per cent have logged into their router’s web administration interface but continue to use the default login credentials their router came with. Only 44 per cent change the login credentials.

Of those who logged into their router’s web administration interface, 65 per cent surveyed it was indicated that they have never updated their router’s firmware.

About 33 percent of Indian consumers admitted to logging into their router’s interface once a year or less to check for updates, while 39 per cent said they had no idea their routers even had firmware - the pre-programmed software etched into hardware which requires updating to incorporate security patches.

According to the report, an estimated 700,000 routers around the world were diagnosed as vulnerable to malware with SSL stripping capabilities last May. Known as VPN Filter, this modular malware contains man-in-the-middle (MiTM) attack capabilities designed to inject malicious payloads into web traffic.

It has the capability to scan incoming and outgoing web traffic on the user’s network to collect passwords and other sensitive information.

According to the report, routers including Linksys, NETGEAR, D-Link, Huawei and Asus models are affected in 54 countries.

“An individual’s local network is only as strong as the weakest link in the chain, and more often than not it is the router that is the greatest point of vulnerability,” said Martin Hron, Security Researcher at Avast, in a press statement.

“The router is frequently misunderstood or overlooked, but it’s arguably the most important device as it acts as the gateway to the internet,” Hron stated.

Today, everybody wants to connect multiple devices and allow them to share data with one another while managing incoming and outgoing web-traffic. Hence this becomes a natural target for people wanting to gather sensitive personal information, such as bank login details. They are able to easily enter into the other devices paired to it.

“As a bare minimum, people should be changing the default user names and passwords on their routers as soon as they’re installed, and pro-actively check for firmware updates,” Hron pointed out.

— Sufia Tippu is a freelance tech journalist based in India contributing to EE Times India