83% of home routers are vulnerable to attack – ACI

83% of home routers are vulnerable to attack

The American Consumer Institute’s (ACI) Centre for Citizen research tested 186 current Wi-Fi routers from 14 different manufacturers each updated to the latest firmware on the manufacturer’s website. A shocking 83% of home routers are vulnerable to attack.

ACI ran Insignary’s Clarity scanning tool. It shows that of the 186 tested, 155 (83%) had cyber attack vulnerabilities in the router firmware, with an average of 186 vulnerabilities per router. In total, there was a staggering number of 32,003 known vulnerabilities found in the sample. Fact, 83% of home routers are vulnerable to attack.

The tests reference MITRE Corporation’s definition of vulnerabilities, “mistakes in open source software” in a public database. Each vulnerability has a unique CVE (Common Vulnerability and Exposure) identifier that contains information about a specific vulnerability’s capacities and risks. Those CVE’s are well known to and exploited by hackers and web-bots.

You would be right to gasp at this point. 83% of home routers vulnerable to attack

This is no beat up! ACI found that only 12% of the vulnerabilities were a low-security risk, 60% were medium, 21% were high, and 7% were critical.

83% of home routers are vulnerable to attack

No wonder that Symantec’s annual Internet Security Threat Report found a 600% increase in IoT attacks in 2017. Routers were the most frequently exploited type of device, making up 33.6% of IoT attacks.

An IoT cyberattack on security cameras, DVRs, printers, cars, baby monitors, data storage devices, refrigerators, even light bulbs can cause massive damage to the connected devices and harm to their owners. For instance, exploiting a security camera gives an attacker not only access to the entire network, but it also gives them a direct video feed inside the property.

The list of router brands included (check to see models affected)

Archer TP-Link ASUS AVM Fritzbox Belkin
Cerio D-Link HPE Linksys NETGEAR
Sierra Wireless Trend-Net Ubiquiti Yamaha Zyxel

GadgetGuy’s take. Sorry not good enough – 83% of home routers are vulnerable to attack

GadgetGuy has sought comment from the major router makers and will publish the responses.

All you can do in the interim is to ensure that your firmware is up to date and buy a third-party device that protects your home network.

But this issue heralds a much-needed new approach to having internet security on the router. Norton Core was first off the rank, and D-Link et al. will follow soon. While these are options, they require a rework of the home network.

GadgetGuy has two proven recommendations to easily add to an existing home router/network.

Fing Box $149 (no subscription) checks for vulnerabilities on your network like opened ports, a public IP address and no firewall being in place. It will alert you when intruders and hackers are trying to access your network. It automatically blocks attacks and new devices until you approve them. For the technically minded it offers a huge range of functionality including device IP addresses, internet connectivity/speeds/outage reports and sets up a digital fence to stop drive-by attacks.

Trend Micro Home Network security $299 (plus annual subscription after two-years). It will

  • Scan to find vulnerable passwords
  • Protect your network and devices from attack
  • Identify all the devices in your network by name
  • Group devices by family members for easy management
  • Manage your network from your smartphone or tablet

Both do mostly the same. I use both devices on my home network. Fing for convenience, IP addresses and NBN analytics and Trend as the second line of security with its vast antivirus resources.