Study: Wi-Fi routers vulnerable to cyberattack
Eighty-three percent. That’s the proportion of Wi-Fi routers sold in the United States that are vulnerable to cyberattack, according to a new study by the American Consumer Institute.
“Without addressing these known security flaws, consumer devices could be compromised, and data could be stolen, leading to malicious activity, identity theft, fraud or espionage,” according to the study.
In May 2018, the FBI warned that Russian hackers had compromised hundreds of thousands of home and office routers and could collect user information or interfere with network traffic. This merely hinted at the magnitude of the security vulnerabilities in Americans’ Wi-Fi routers.
The analysis by American Consumer Institute included 186 devices from 14 manufacturers, of which 155 (83 percent) were found to have vulnerabilities to potential cyberattacks in the router’s software, with an average of 172 vulnerabilities per router. The total number of known vulnerabilities found is staggering: 32,003.
The severity of each vulnerability is ranked by the National Vulnerability Database and, based on different scores, each vulnerability is ranked “low,” “medium,” “high,” or “critical” to reflect severity of the associated risks.
Within the sample, 28 percent of the vulnerabilities were considered high risk or critical.
Unfortunately, there are no easy solutions.
Fixing these vulnerabilities lies partly in the hands of consumers who must learn about their devices and proactively seek software updates to patch known vulnerabilities. This will require a change in mentality — the average consumer has probably never even considered updating their router’s software.
And because most consumers are not even aware of potential security vulnerabilities, they tend not to demand software support from manufacturers. As a result, router makers often do not provide userfriendly ways to update software and may even view building security protocols into their devices as an unnecessary expense.
Router manufacturers have a responsibility to track potential security vulnerabilities on their routers and to ensure that consumers are given the tools to keep their devices secure.
One of the leading cybersecurity firms in the U.S. reported a 600 percent increase in Internet of Things attacks in 2017. Routers were the most frequently exploited type of device, making up 33.6 percent of IoT attacks.
Each of the 32,003 vulnerabilities identified in ACI’s report puts consumers and our economy at risk. If this growing threat is to be countered effectively, manufacturers must commit more resources to identifying and mitigating security vulnerabilities on their devices and consumers must remain vigilant for potential threats that could compromise their personal data.
Earlier this month, ACI released a study showing many popular smartphone apps contain known vulnerabilities not being patched by applications providers, also leaving consumer information and devices at risk. These two studies show the urgency for the industry to take proactive steps to protect consumer privacy, and these risks should not be taken for granted. Krisztina Pusok is with the American Consumer Institute, a nonprofit educational and research organization. She wrote this for InsideSources. com.