Keeping a close eye on your online accounts is incredibly important with scams, hacks, and breaches as common as they are. Your hardware is at risk as well, which is why we always recommend keeping your devices updated. In fact, one of the most indispensable devices in your home can also be one of the most vulnerable. Cybersecurity researchers recently examined a number of popular WiFi routers and found over 200 potential security holes that could put your data at risk.
Popular WiFi routers have huge security holes
Editors at the German IT magazine CHIP recently conducted a thorough security test on nine routers from major brands. They teamed up with security experts from IoT Inspector, who provided a security platform for automated IoT firmware checks. What they found might shock you.
“The test negatively exceeded all expectations for secure small business and home routers,” Florian Lukavsky, CTO of IoT Inspector, said of the results of the test on Thursday. “Not all vulnerabilities are equally critical – but at the time of the test, all devices showed significant security vulnerabilities that could make a hacker’s life much easier.”
According to IoT Inspector, the test featured routers from Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys. Millions of units of each model are currently in circulation around the world. In all, the researchers found 226 vulnerabilities between the nine models.
Devices from TP-Link had the most vulnerabilities of any device. The company’s Archer AX6000 routers had a whopping 32 security holes. Meanwhile, Synology’s RT-2600ac router came in second place with 30 vulnerabilities. You can see the full list in this document (German).
What are the vulnerabilities?
As IoT Inspector explains, many of the routers had the same vulnerabilities. In many cases, it was an outdated operating system. The researchers noted that integrating a new kernel in the firmware is expensive. As a result, none of the manufacturers were up to date.
The routers also weren’t on the latest software. Most routers update themselves automatically, but only if you enable the feature. Router updates aren’t as frequent as phone or computer updates, but they’re just as important.
The researchers contacted all of the affected manufacturers before publishing the report. Every manufacturer responded by releasing firmware patches for their routers. Even if your router isn’t on the list, take this opportunity to check for any outstanding firmware updates.
Additionally, the German government announced that manufacturers will have to take greater responsibility going forward. The new coalition agreement states that “manufacturers are liable for damage negligently caused by IT security vulnerabilities in their products.” So if hackers find and exploit security holes in routers in the future, manufacturers will pay the price.
What you can do to protect yourself
Of course, whether or not the manufacturer is responsible, your data is still at risk. IoT Inspector CEO Jan Wendenburg offered the following helpful hint for all router owners:
Changing passwords on first use and enabling the automatic update function must be standard practice on all IoT devices, whether the device is used at home or in a corporate network. The greatest danger, besides vulnerabilities introduced by manufacturers, is using an IoT device according to the motto ‘plug, play and forget.’
Update your software, use strong passwords, and keep an eye out for reports such as these.