Routers have become essential in billions of homes. But how often do you think about their safety?
After plugging in a home router, most people don’t give it much thought until it fails or the WiFi stops working for some reason. However, in a world where our devices are increasingly connected to each other and more of us are working from home, even seemingly benign WiFi routers could pose significant security threats. According to a recent assessment by consumer watchdog Which?it’s estimated that around six million people haven’t updated their router since 2018 or before – and that’s just in the UK.
According to security experts, your typical home router is woefully unprepared for a cyberattack. Most home routers have weak default passwords, lack critical firmware updates, and have network vulnerabilities such as those involving EE’s Brightbox 2 (this could give a hacker complete control over the device ).
Cybersecurity researchers examined 13 router models supplied by EE, Sky and Virgin Media. Two-thirds of these devices were found to be faulty, including the Sky SR101 and SR102; Virgin Media Super Hub and Super Hub 2; and the TalkTalk HG635, HG523a and HG533.
The only routers that passed all the security tests were those from BT, including the Home Hub 3B, 4A and 5B, and Plusnet’s Hub Zero 270N. However, BT had a critical vulnerability in its Brightbox 2 router provided by EE, which is part of the BT group.
Fortunately, modern spectrum-enabled routers have device-specific default passwords and perform firmware updates automatically. However, older models will suffer from the issues identified in this report.
BT Group, Virgin Media and TalkTalk denied the validity of the findings, each saying old and outdated routers made up only a small fraction of their user base. However, other security research groups have come to similar conclusions in the past.
“We tried to convince one of the ISPs in question to patch a critical security flaw that allows several million of their client routers to be hacked remotely and gain access to home networks,” said Ken Munro, consultant security from Pen Test Partners. BBC.
“We reported the issue over a year ago, but they dithered multiple times.”
Around 7.5 million internet users in the UK have been affected by the vulnerabilities, with no updates since 2018 and even 2016 in some cases, according to the report. Six million UK households used outdated equipment provided by internet service providers, the authors added.
“Internet service providers should be much clearer about the number of customers using outdated routers and encourage people to upgrade devices that pose security risks,” said Which? computer editor Kate Bevan.
In order to solve this problem, a top-down approach may be the best. Most broadband consumers aren’t particularly tech-savvy, so the responsibility for keeping their devices secure should rest with the internet service provider.
The UK government is currently drafting legislation that will broadly regulate smart devices, but will also include rules such as banning the setting of default passwords on devices and requiring manufacturers to tell consumers how long their devices will receive security software updates. Although the study focused only on the UK, it’s hard to believe that other countries would fare much better.