New research from Broadband Genie, an independent UK comparison service for home broadband, TV, landline, and mobile broadband services, has found that millions of home broadband Wi-Fi routers in the UK could be at risk because many internet users do not take basic security precautions that could protect them from online threats.
In a survey of 1,320 broadband users, it was discovered that 88% have never updated their router firmware and 84% have never changed their router admin password.
"The router is often an overlooked device, but it’s the gateway to the internet, and if it’s compromised it provides an attacker with access to the entire home network which can be abused to steal personal information, spy on people or launch widespread cyber attacks. Particular attention should be paid to Internet of Things (IoT) devices as the adoption of them in the home continues to rise rapidly. These devices often come with no underlying security framework to protect them, and as they rely on the network to function, anybody who can gain access to the network has the potential to control them," said Luis Corrons, Security Evangelist at Avast.
Are consumers aware of the security changes they should be taking?
When asked the main reason why they had not made any of these changes, 73% said they did not know why they would need to modify settings on their router, while 20% said they did not know how.
Matt Powell, Editor of Broadband Genie, said: “In 2018, we ran a similar study that found 52% had never modified their router’s default settings. It’s disappointing to see this number has barely shifted. Most concerning is the very high percentage of UK broadband subscribers who don’t even know why they should be making any of these changes.”
On average, a typical home network will have ten connected devices yet 72% also said they had never checked to see what devices are linked to their router. Overall, 48% of the respondents said they had never carried out any of the actions listed in the survey.
The common ways hackers are gaining access to Wi-FI
Hackers can exploit security flaws in the router’s firmware. Since firmware is updated so infrequently, hackers have ample time to discover and exploit security flaws before they’re patched. Infrequent firmware updates leave 83% of home Wi-Fi routers vulnerable to attack, according to a study by The American Consumer Institute (ACI).
Corrons commented: "There are Wi-Fi hackers who know the default admin credentials for almost all the popular routers on the market. If someone can reach your Wi-Fi network, they can try logging into your router with that information. And if they’re successful a whole new set of threats can emerge, from spying on your internet traffic, to hogging your bandwidth, stealing sensitive information you enter into unencrypted websites, and installing malware. If you’ve never updated the login credentials after installing a router, you’re setting yourself up as an easy target for a router password hack.
"It’s also worth changing the router’s network name, also known as SSID (service set identifier). New routers often display the brand of the router in the SSID, and Wi-Fi hackers can use that information to help them crack your password. Set a custom network name instead so that they won’t know which type of router you have. The fewer clues you give an attacker, the harder their job will be.”