Millions of Brits could be at risk of cyberattacks due to poor default passwords and a lack of firmware updates
Millions of Brits use Wi-Fi routers that contain
various security flaws and may put them at risk of cyberattacks, an investigation by British consumer watchdog Which? has found.
Together with Red Maple Technologies, Which? looked
at 13 commonly used older router models offered by various British internet
service providers (ISPs) and found that over half of them didn’t meet the
security standards of today. The main issues affecting routers supplied by ISPs
such as Virgin, EE, Sky, TalkTalk, and Vodafone were weak default passwords,
local network vulnerabilities, and the lack of firmware updates to patch
security loopholes.
“Some of these models haven’t seen an update since
2018 at the latest, and some haven’t been updated since as far back as 2016,
which could affect 6 million of these users. Without firmware and security
updates, there’s no guarantee that security issues will be fixed,” wrote
Hollie Hennessy, Senior Researcher at Which?. Weak default passwords and a lack
of firmware updates affected seven devices in total, while local network
vulnerabilities were found to affect just one.
A router that has an easy-to-guess and/or
default password could grant malicious actors a way into your
home network and the devices connected to it. You should always replace your
router’s default username and password with a strong
and unique password or passphrase.
Meanwhile, routers that have out-of-date firmware
often contain easily exploitable vulnerabilities. If your router doesn’t receive
firmware updates to plug such security flaws, you are best off arranging an
upgrade of your device with your ISP or buying an aftermarket device.
When it comes to exploiting local network
vulnerabilities, a hacker would have to be in close vicinity to exploit a
device; however, if successful, they could completely take over the device,
observe your browsing habits or even direct you to compromised websites.
On the bright side, some routers, namely some
offered by BT and Plusnet, didn’t suffer from any of the aforementioned lapses
in security. The full list of the routers tested is available on the website
of the consumer watchdog.
Which? contacted the ISPs with the findings of
their investigation. While BT Group said that its older routers would receive
updates if they were found to be affected by security issues, its EE Brightbox
router has a vulnerability that remains unfixed. Meanwhile, Virgin Media “did
not recognize or accept” the consumer watchdog’s findings, saying that nine in
ten of its customers were using its latest routers.
Same old story
Overall, the study’s results bring echoes of some
other studies, including the Home
Router Security Report 2020 by Germany’s
Fraunhofer Institute last year, a test
by Independent Security Evaluators in
2019, and a review by the American
Consumer Institute in 2018.
Router security has been a perennial problem, and
it has become an especially important consideration since the COVID-19 pandemic
forced most professionals to work from outside the generally
much safer confines of the office. To mitigate
the chances of your router and connected devices getting compromised by
cybercriminals, you can refer to our article focusing on tips
for boosting your router security. While
you’re at it, you might want to go over our recommendations for reviewing
your router’s configuration settings.