The American Consumer Institute’s (ACI) Centre for Citizen research tested 186 current Wi-Fi routers from 14 different manufacturers each updated to the latest firmware on the manufacturer’s website. A shocking 83% of home routers are vulnerable to attack.
ACI ran Insignary’s Clarity scanning tool. It shows that of the 186 tested, 155 (83%) had cyber attack vulnerabilities in the router firmware, with an average of 186 vulnerabilities per router. In total, there was a staggering number of 32,003 known vulnerabilities found in the sample. Fact, 83% of home routers are vulnerable to attack.
The tests reference MITRE Corporation’s definition of vulnerabilities, “mistakes in open source software” in a public database. Each vulnerability has a unique CVE (Common Vulnerability and Exposure) identifier that contains information about a specific vulnerability’s capacities and risks. Those CVE’s are well known to and exploited by hackers and web-bots.
You would be right to gasp at this point. 83% of home
routers vulnerable to attack
This is no beat up! ACI
found that only 12% of the vulnerabilities were a low-security risk, 60% were medium, 21% were high, and 7% were critical.
No wonder that Symantec’s annual Internet Security Threat
Report found a 600% increase in IoT attacks in 2017. Routers were the most
frequently exploited type of device, making up 33.6% of IoT attacks.
An IoT cyberattack on security cameras, DVRs, printers,
cars, baby monitors, data storage devices, refrigerators, even light bulbs can cause massive damage to the
connected devices and harm to their owners. For instance, exploiting a security
camera gives an attacker not only access to the entire network, but it also gives them a direct video feed
inside the property.
The list of router brands included (check to see models affected)
GadgetGuy’s take. Sorry not good enough – 83% of home routers are vulnerable to attack
GadgetGuy has sought comment from the major router makers and will publish the responses.
All you can do in the interim is to ensure that your firmware is up to date and buy a third-party
device that protects your home network.
But this issue heralds a much-needed new approach to having internet security on the router. Norton Core was first off the rank, and D-Link et al. will follow soon. While these are options, they require a rework of the home network.
GadgetGuy has two proven recommendations to easily add to an existing home router/network.
Fing Box $149 (no subscription) checks for vulnerabilities on your network like opened ports, a public IP address and no firewall being in place. It will alert you when intruders and hackers are trying to access your network. It automatically blocks attacks and new devices until you approve them. For the technically minded it offers a huge range of functionality including device IP addresses, internet connectivity/speeds/outage reports and sets up a digital fence to stop drive-by attacks.