Use a Wi-Fi Router at Home? You're Probably at Risk for Cybercrime

If you use a Wi-Fi router in your home, there’s a good chance you’re at risk for cyberattack, according to a new study.

The American Consumer Institute (ACI) analyzed 186 devices from 14 different manufacturers and found that 83 percent of routers sold in the United States have security vulnerabilities -- that’s 5 of 6 devices. From the report:

The security we want for our devices and software is rather simple. We want these electronic devices to be free from intrusion, and we want the data secure and not corruptible nor distributable without our authorization. Yet, our results show that these devices are highly vulnerable, and are becoming an increasingly attractive target for cyberattacks.

On average, each router that ACI examined had 172 known vulnerabilities.

To distinguish between relatively benign vulnerabilities and those that can cause catastrophic damage, the National Vulnerability Database ranks each vulnerability as either “low,” “medium,” “high,” or “critical,” based on the severity of its associated risks.



Within the sample, 28 percent of the vulnerabilities were considered “high risk” or “critical.”



As you might expect, high risk vulnerabilities require very little skill to exploit and can partially damage the system and cause information to be compromised. Critical vulnerabilities go even further, potentially causing total system disclosure.

On average, each router in ACI’s study contained 12 critical vulnerabilities and 36 high risk vulnerabilities. The most common vulnerabilities were medium risk, with an average of 103 vulnerabilities per router.

Routers are frequent targets for hackers because they are usually left turned on and their accompanying software is infrequently updated. Also, routers are increasingly being built on open source code, which is more vulnerable to attack than custom proprietary software.

The total number of known vulnerabilities found in the sample is 32,003, each of which puts consumers and our economy at risk.

This isn’t the first study to draw attention to this important issue, but it does uncover important new information about the devices that millions of American households use to connect to the Internet, conduct business, and store personal data.

Nor is this merely a hypothetical threat. Earlier this year, the FBI revealed that Russian computer hackers had compromised hundreds of thousands of home and office routers and could collect user information or shut down network traffic.

As hackers -- both foreign and domestic -- become more sophisticated, these attacks will only grow more frequent and damaging unless proper safeguards are put in place to protect users.

A leading U.S. cybersecurity firm reported a 600% increase in Internet of Things (IoT) attacks in 2017 and noted that routers were the most frequently exploited type of device, accounting for more than one-third of attacks.

In short, this problem isn’t going away.

But there are ways to mitigate the risks. Router manufacturers, as well as consumers, need to do more to address these vulnerabilities.

Users, who too often don’t give enough thought to the cybersecurity of their routers, must educate themselves on how to install security updates and check for cyberthreats.

But consumers can only do so much. Preventing known security vulnerabilities from being included in consumer products is the responsibility of router manufacturers, who must do more to monitor the software in their devices and provocatively address known vulnerabilities.

Earlier this month, ACI released a study showing that many popular smartphone apps contain known vulnerabilities that are not being patched by applications providers, also leaving consumer information and devices at risk. These studies all show that the cybersecurity stakes have never been higher, and neither has the number of potential targets for nefarious hackers.

The need for greater attention to this issue can hardly be overstated.

Liam Sigaud writes for the American Consumer Institute, a nonprofit educational and research organization. For more information about the Institute, visit www.TheAmericanConsumer.Org.