Internet security experts are warning that old routers are targets for cyber-criminals who find them an easy hacking option.
How Big Is The Threat?
Trend Micros have reported that back in 2016 there were five families of threats for routers, but this grew to 35 families of threats in 2018. Research by the American Consumer Institute in 2018 revealed that 83 per cent of home and office routers have vulnerabilities that could be exploited by attackers. These include the more popular brands such as Linksys, NETGEAR and D-Link.
Why Are Old Routers Vulnerable?
Older routers are open to attacks that are designed to exploit simple vulnerabilities for several reasons including:
What If Your Router Is Compromised?
One big problem is that because users have little real knowledge about their routers anyway and pay little attention to them apart from when their connection goes down. It is often the case, therefore, that users tend not to know that their router has been compromised as there are no clear outward signals.
Hacking a router is commonly used to carry out other criminal and malicious activity such as Distributed Denial of Service attacks (DDoS) as part of a botnet, credential stuffing, mining bitcoin and accessing other IoT devices that link to that router.
Examples of high-profile router-based attacks include:
Also, back in 2017, Virgin Media advised its 800,000 customers to change their passwords to reduce the risk of hacking after finding that many customers were still using risky default network and router passwords.
Concerns were also expressed by some security commentators about TalkTalk’s Super Router regarding the WPS feature in the router always being switched on, even if the WPS pairing button was not used, thereby meaning that attackers within range could have potentially hacked into the router and stolen the router’s Wi-Fi password.
What Does This Mean For Your Business?
If you have an old router with old firmware, you could have a weak link in your cyber-security. If that old router links to IoT devices, these could also be at risk because of the router.
Manufacturers could help reduce the risk to business and home router users by taking steps such as disabling the internet until a user goes through a set up on the device which could include changing the password to a unique one.
Also, vendors and ISPs could help by having an active upgrade policy for out of date, vulnerable firmware, and by making sure that patches and upgrades are sent out quickly.
ISPs could do more to educate and to provide guidance on firmware updates e.g. with email bulletins. Some tech commentators have also suggested using a tiered system where advanced users who want more control of their set-up can have the option, but everyone else gets updates rolled out automatically.