Security researchers tested nine popular WiFi routers and found they are riddled with vulnerabilities – even when running the latest firmware.
In the nine models tested, a total of 226 vulnerabilities were found. The TP-Link Archer AX6000 and the Synology RT-2600ac proved the most insecure, with 32 and 30 flaws, respectively.
Conducted by IoT Inspector for the publication CHIP, the analysis found that the most common vulnerabilities were:
- Outdated Linux kernel in the firmware
- Outdated multimedia and VPN functions
- Over-reliance on older versions of BusyBox
- Use of weak default passwords like “admin”
- Presence of hardcoded credentials in plain text form
Commenting on the findings, Lamar Bailey, senior director of cyber security at Tripwire, pointed out that the security of home routers should be a concern for employers. “Consumer wifi routers are more critical to enterprises now than ever. COVID caused a huge migration to work from home for many organisations. The migration happened so fast that the major focus was on connectivity and not security. When workers are at home the employee’s router is now a major concern because all traffic is going through this device,” said Bailey.
According to Bailey, one of the problems lies in the fact that routers are not always updated by home users, meaning that even when security fixes are available, they are often not installed. “We also see that the manufacturers do not have the same security focus on the commercial line as they do for the commercial lines. The manufacturers take much longer to patch security issues and often end-of-life the device instead of fixing it. Home routers are about as secure as public free wifi so users should take the same precautions,” he added.