Infosecurity Group Websites
Latest
News

Millions of Households at Risk from Outdated Routers

Millions of households could be at risk of cyber-attack because they’re running outdated and unpatched routers, a new investigation has found.

Unprotected routers are an increasingly popular target for attackers, theoretically enabling them to hijack smart home devices and eavesdrop on communications and web browsing.

Consumer rights group Which surveyed more than 6000 UK adults back in December to find out which router models they were using.

Extrapolating this data, it calculated that as many as 7.5 million households may be running routers with security issues.

After selecting some of the most common devices, it enlisted the help of Red Maple Technologies to test them, and discovered issues with more than half, from ISPs including Virgin, Sky, TalkTalk, EE and Vodafone.

One of the most common issues was a lack of firmware updates, leaving the devices potentially exposed to exploitation. Which claimed most of the models it tested hadn’t been updated since 2018, and some since 2016 — affecting an estimated six million users.

Another problem is weak default passwords which are easy to guess, allowing remote attackers to potentially hijack devices.

The researchers also discovered local network vulnerabilities, although these require an attacker to be within Wi-Fi range to exploit.

Which said not all old routers are inherently insecure, as long as they don’t allow weak default passwords and have regular firmware updates. However, it urged consumers to check and change any weak passwords and to request a new model if theirs is no longer receiving updates.

Tripwire VP of product management and strategy, Tim Erlin, argued that most modern connected devices will automatically update.

“The situation with updating connected devices in consumers’ homes has changed fairly dramatically and rapidly. It wasn’t long ago that the idea of a device automatically updating without the user’s knowledge was considered problematic, whereas now it’s a basic expectation,” he added.

“That rapid shift has left a sizable security gap in terms of deployed devices that don’t auto-update. Unfortunately, it’s likely that gap won’t be closed until those devices are simply replaced.”

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Homecoming Queen Hacker to be Tried as an Adult

2
News

Cyber-Attack on Belgian Parliament

3
News

Global Phishing Campaign Drops New Malware Trio

4
News

Virgin Active SA Suffers Cyber-Attack

5
News

Third Parties Caused Data Breaches at 51% of Organizations

6
News

Researcher Claims Peloton APIs Exposed All Users Data

1
Blog

CISO Stories: Part Two

2
News

Millions of Households at Risk from Outdated Routers

3
Blog

Misconfigurations are Mistakes: Eliminate the Biggest Vulnerability in Cloud Services

4
News

#COVID19 Researchers Lose a Week's Work to Ryuk Ransomware

5
Opinion

US Supreme Court Rules on Key Software Development Practice

6
News

Misconfigured Database Exposes 200K Fake Amazon Reviewers

1
Webinar

Supply Chain Security: Easing the Headache of Third-Party Risk Assessments

2
Webinar

How Zero Trust Enables Remote Working and Builds to a SASE Vision

3
Webinar

Evolution of Ransomware-as-a-Service and Malware Delivery Mechanisms

4
Webinar

How to Win Cybersecurity Budget and Buy-in from the C-Suite to Mitigate Increased Level of Threat

5
Webinar

Data Classification: The Foundation of Effective Cybersecurity

6
Webinar

Zero Trust in 2021: How to Seamlessly Protect Your Remote and In-Office Users

1
Online Summit

[On-Demand] Infosecurity Magazine Spring Online Summit - EMEA 2021

2
Webinar

Security Mythbusting: Dismantling the Top Five API Myths

3
Online Summit

[On-Demand] Infosecurity Magazine Spring Online Summit - North America 2021

4
News Feature

Census 2021: How Safe Will Our Data Be Over the Next 100 Years?

5
Opinion

How Behavioral Biometrics is Combating Credential Stuffing Attacks

6
Webinar

Securing the #COVID19 Vaccine & Supply Chain