Major security flaws affect millions of routers, manufacturers do nothing
A recent study by Kaspersky points the finger at router manufacturers: if more than 500 flaws were discovered in 2021, most have not been corrected. Manufacturers apply the policy of the ostrich by leaving their equipment at the mercy of pirates.
If we often mention in our columns the security flaws recently discovered in operating systems and applications, the hardware part is certainly more discreet, but it is not left out. Routers are for example one of the favorite targets of attackerssince they are found everywhere, in individuals as well as in small and large companies.
On these devices, there are thus no less than 506 security flaws that were discovered in 2021. Among them, there are 87 critical vulnerabilities (a little over 17%). A figure that may seem low given the flaws in Windows or software such as a browser or an office suite. On the other hand, there is cause for concern when we consider the responsiveness of the manufacturers. Because a year later nearly 30% of these 87 critical flaws have not been fixed.
Read also: millions of connected objects and routers are at the mercy of hackers
Router manufacturers and vendors leave users to fend for themselves
Still according to Kaspersky, only 26% of critical vulnerabilities published in 2021 received an alert from vendors. But they don’t always come with a fix, with vendors just asking owners to get closer to tech support.
Moreover, even when they are warned of a problem with their equipment, users are not always seasoned as to what to do. And most are not inclined to make any changes to their router. Thus, 48% of users have never modified the slightest parameter on their equipment and have never changed the Wi-Fi access password. 73% of them see no reason to go to their router settingsand 20% admit not knowing how to go about it.
These security vulnerabilities affect any type of router, whether it is a model dedicated to a home network, or a more sophisticated device intended for a large company. They allow an attacker to bypass authentication, take control of the device remotely or neutralize it.
How to stop hackers from attacking your router
To guard against attacks, Kaspersky provides some good advice:
- Replace the default password with a long and complex password.
- Always use WPA2 encryption.
- Disable remote access to the device.
- Update router firmware.
- Use a fixed IP address and disable DHCP, while enabling MAC filtering on the Wi-Fi network.
Of course, these measures do not guarantee that you are completely invulnerable to hacker attacks. But they will protect you from almost all attempts at malicious acts.