Started free provision of "am I infected?", A malware inspection service for IoT devices such as home routers.

"Am I infected" top page

This service is a free service that allows users to inspect and take countermeasures by themselves whether IoT devices such as home routers and smart home appliances are infected with malware or used in a vulnerable state. The test results will be sent to the email address entered by the user within 5 minutes, and we will inform you about recommended measures in case of suspected malware infection or if the IoT device is in a vulnerable state. (* 1) Malware is an abbreviation for "malicious software" and is a general term for programs that cause infected devices to operate illegally and harmfully. ■ Background of service provision The Yokohama National University Information and Physical Security Research Center has been conducting research on security measures for IoT devices since 2015. Cyber ​​attacks targeting IoT devices continue to increase (* 2), and in particular, with the spread of the new coronavirus infection, telework has become widespread as a new normal way of working, so home routers, webcams, etc. The importance of ensuring the security of IoT devices is increasing. Malware-infected IoT devices continue to operate unchanged after infection, so even if they are infected, it is difficult for users to notice. Therefore, we have started a service to inspect for malware infection and vulnerabilities with the aim of continuing to use IoT devices at home with peace of mind. (* 2) Ministry of Internal Affairs and Communications: "Recent trends in cyber attacks, observation of cyber attacks by NICT (NICTER)" URL: https://www.soumu.go.jp/main_content/000771974.pdf ■ Overview of this service This service Is a free service that allows users to easily inspect whether IoT devices such as home routers and smart home appliances are infected with malware or are still vulnerable. From the dedicated site (https://amii.ynu.codes/), enter the e-mail address to send the test results and answer the questionnaire about the environment where the test is performed, so that you can use it when you access the website. We will inspect your IP address. The test result will be sent to the email address you entered with a link to the test result page. In the unlikely event that you are suspected of being infected with malware, you will take the measures yourself by referring to the recommended measures on the same page. ・ Cost: Free (no additional charge due to options, etc.) ・ Service URL: https://amii.ynu.codes/ ・ Inquiries: ynugr-cyberpcr@ynu.ac.jp ■ In this service Each role This service includes data from the honeypot (* 3) operated by the Yokohama National University Information and Physical Security Research Center, as well as the data from the IoT search engine "Karma (* 4)" developed and provided by Zero Zero One. We use data from the cyber attack observation and analysis system "NICTER (* 5)" developed and operated by the National Research and Development Corporation Information and Communication Research Organization (NICT). Yokohama National University Information and Physical Security Research Center and Zero Zero One have been conducting joint research on security scans inside and outside Yokohama National University since June 2021, and this service utilizes the results of security scans for IP addresses outside the university. I am. In addition, Yokohama National University participates in CYNEX (Cybersecurity Nexus) (* 6), an industry-academia-government collaboration base established by NICT in April last year, and is a subproject of CYNEX, Co-Nexus S (Security Operation & Sharing). We are receiving NICTER observation data from us. (* 3) The Information and Physical Security Research Center of Yokohama National University operates a decoy system called a honeypot that imitates vulnerable IoT devices and observes attacks. Specifically, we operate a honeypot that imitates the Web interface of IoT devices and a honeypot that operates a vulnerable service called Telnet, and attacks using vulnerabilities in IoT devices and infects IoT devices. We are collecting malware. URL: https://sec.ynu.codes/iot (* 4) Karma is a service that searches for domestic IoT devices connected to the Internet. Detailed device information can be determined by combining the proprietary identification method with information such as the port number and IP address associated with the device, and the Japanese search included in the banner. It is also possible to visualize security risks from existing vulnerability information and device versions. URL: https://www.00one.jp/karma/ (* 5) NICTER (Network Incident analysis Center for Tactical Emergency Response) aims to grasp the overall trend of indiscriminate cyber attacks. It is a cyber attack observation and analysis system that observes unused IP addresses called darknets on a large scale. URL: https://www.nicter.jp/ (* 6) CYNEX (Cybersecurity Nexus) is an organization established in NICT that serves as a node for data and human resource development related to cyber security, and is an organization for cyber security information. We collect, analyze, store, and share. URL: https://www.nict.go.jp/cynex/ ■ Future development By providing this service, further research will be conducted toward solving the root cause of vulnerable IoT devices and effective alerting methods. Use it for development. We will continue to contribute to the realization of a safe and secure society through research on cyber security. [Comment by Associate Professor Katsunari Yoshioka, Graduate School of Environmental Information, Yokohama National University] Various things around us are now connected to the Internet, and threats from cyber attacks and malware infections are increasing. .. In addition, with the spread of telework in recent years, the importance of security for home routers, etc. has become higher than ever. Taking advantage of the research results and knowledge so far, we have created a mechanism to prevent attacks and to be able to notice by yourself even if an infection should occur. Since it can be used free of charge, we hope that many people will use this service and use IoT devices safely and securely. ■ Service usage image

Display example of safe state

Display example when malware infection is suspected

The Information and Physical Security Research Center of Yokohama National University is conducting research to derive countermeasures based on actual observations and analyzes of cyber attacks. The decoy system "Honeypot" attracts cyber attacks, and passive observations that observe in detail and active observations that search for vulnerable systems that are the targets of attacks are used to grasp these situations and perform unique analysis. By clarifying the mechanism, effective countermeasures can be derived. We have observed and analyzed cyber attacks and malware infections in IoT, and ultra-large-scale denial of service attacks, and provided the observation and analysis results to a large number of public institutions, private companies, and research communities. Zero Zero One provides support for IoT device developers to eliminate security concerns at the design stage and prevent unexpected threats, as well as enlightenment activities to ensure safe and secure use of IoT devices. It is a company that does. It was created to eliminate the anxiety of an era when it became commonplace to connect to the Internet with the spread of IoT devices. Our main business is Karma, a search engine that visualizes various information including OSINT, and consulting services for safer product development.