According to a new research report by The American Consumer Institute, over 83% of home Wi-Fi routers have known security vulnerabilities that can be exploited by hackers. Titled "Securing IoT Devices: How Safe Is Your Wi-Fi Router?", the study found that home Wi-Fi routers are mostly never updated to patch security flaws thus, as a point of entry into the home network, their vulnerability leaves other Internet connected devices such as baby monitors, media players, data storage devices, and more, open to malicious attacks.

As part of compiling the report, researchers examined 186 Wi-Fi routers from 13 different manufacturers including leading brands such as D-Link, Linksys, Belkin and NETGEAR.

Distribution of Vulnerabilities Based on Security Risk Severity. The American Consumer Institute

"Fixing vulnerabilities lies partly in the hands of consumers who must do their homework and install firmware (software) updates. Although some hardware makers try to insulate users from update burdens by providing automatic updates, the average consumer has probably never considered taking the initiative to update their router’s firmware. Because consumers rarely think about installing updates on their devices or are not even aware of potential security vulnerabilities, they tend not to consider firmware support."

Internet of Threats

As the report correctly highlights, a home Wi-Fi router that is vulnerable to malicious hacker attacks is not only a risk to itself, but is a point of entry into a home network that likely has other devices connected to the router for Internet access. These devices, some of them IoT devices such as sensors and baby monitors, could themselves have their own security vulnerabilities that could be exploited by hackers.

This is the problem with making almost every consumer device Internet-connected. As it stands, big corporates are struggling to keep hackers at bay despite the amount of resources they have and the sophisticated measures they have put in place to protect their company networks, what chance does a non-technically inclined consumer stand against a hacker?

You could argue that, unlike companies, consumers don't have much at risk in the form of data that can be leveraged for a ransom but there's always a case for privacy.

Would you be comfortable with some hacker accessing your Internet-connected baby monitor?

What about those confidential work files you are working on?

Not to mention your neighbour helping themselves to your Internet access.

Everyone is affected

Despite the report being comissioned by The American Consumer Initiative, evryone (outside the USA too) is affected. The routers and brands that are listed in the report are shipped, in some cases, with their default passwords by different telecommunications companies in Afrika, to their customers.

"The results of this study suggest that the most popular Wi-Fi routers in peoples’ homes are inadequately updated for security, leaving IoT devices open to attacks with potentially disastrous results. Simply resetting your router is not enough. Keeping firmware patched for known online threats may be an expense for manufacturers, but not doing so leaves consumers to collectively bear the burden of potentially much higher costs from cybercrime," reads the report.

Short of disabling Internet access on your home appliances that have the option to connect to the Internet, the best thing to do is to, firstly, ensure you've changed the default password that comes with each device. Secondly, as the report suggests, make sure you regularly check the manufacturers website for security and firmware updates.

"If this growing threat is to be countered effectively, manufacturers must commit more resources to identify and mitigate open source vulnerabilities on their devices and consumers must remain vigilant for potential threats that could compromise their personal data. With the IoT market expanding quickly for both residential and industrial applications, the need to secure firmware cannot be overstated."

The full list of routers that were found to have security vulnerabilities can be found in the report.


Cover image credit:

Photo by Misha Feshchak on Unsplash