Around three-quarters of internet-connected households in the UK are at risk of getting attacked through their wireless router.
According to a study conducted by Avast Software, more than half of all routers are poorly protected by default or common, easily hacked password combinations such as admin/admin or admin/password, or even admin/<no-password>.
The survey of more than 2,000 households in the UK found that 23 per cent of consumers use their address, name, phone number, street name or other easily guessed terms as their passwords.
Speaking at an event in London, Ondřej Vlček, COO of Avast said that many routers are “riddled” with security problems” and all have administrator interface that allows the user to reconfigure the router, which is enabled via a backdoor.
He said: “Five to seven years ago people had connections at their home network for their games console, now they have dozens of internet-connected devices including IP and security camera and heaters and thermostats. It has been growing and steadily fast.
“In our study, we found that with the three most common username and password combination, we were able to get to about 50 per cent of the world’s routers. As well as that, they were able to use easy-to-guess passwords, so in total 75 per cent of routers can be easily accessed by an attacker using a ‘guess’ attack.”
He said that as the routers have a CPU and an operating system firmware, the problem is that the firmware is vulnerable to remote code execution attacks. “While modern operating systems we use for PCs and Macs and phones are quite sophisticated, these devices have been completely ignored and are still using the same approach to the evolution of security that they were 20 years ago,” he said.
“What this means is that for any attacker with elementary skills, it is really easy to use common vulnerabilities on these routers.”
Vince Steckler, chief executive officer of Avast, said: “Today’s router security situation is very reminiscent of PCs in the 1990s, with lax attitudes towards security combined with new vulnerabilities being discovered every day creating an easily exploitable environment. The main difference is people have much more personal information stored on their devices today than they did back then. Consumers need strong yet simple-to-use tools that can prevent attacks before they happen.”
According to the survey, less than half of British people strongly believe their home network is secure, despite 88 per cent of wired households in the UK having six or more devices connected to a WiFi network. Also, 15 per cent of respondents reported that they have fallen victim to hackers, while the same amount do not know if they use a solution to protect their home network, while nine per cent are certain that they don’t use one.
