The majority of households in the United States uses a insecure router that is vulnerable to cyber attacks. A consumer organisation tested routers from Asus, AVM, Belkin, Cerio, D-Link, Linksys TrendNet, NetGear, Sierra Wireless, TP-Link, Yamaha and Zyxel and found that 83% of the routers contained serious security issues.
The American Consumer tested more than 186 different brands and types of routers. They found that the average vulnerable router contains 186 vulnerabilities. In total they found 32,003 vulnerabilities on the 155 vulnerable devices (83%), the other 23 (17%) routers contained no security issues. From all vulnerabilities, 28% were considered high-risk and critical.
"On average, routers contained 12 critical vulnerabilities and 36 high-risk vulnerabilities, across the entire sample. The most common vulnerabilities were medium-risk, with an average of 103 vulnerabilities per router," the researchers write in their report.
Users are at risk because most of the vulnerabilities are not patched. Many router vendors support their routers for a limited time which means that when vulnerabilities are found after that time, they won't be patched. And even if a patch is available, most users don't really update their router. Some router vendors offer automatic updates, which is an important security measure that is hardly even considered when buying a router by the average consumer.
Routers that are not automatically updated need to be manually updated. Often this is complicated and not user-friendly. Sometimes users need to be registered with the vendor to be eligible for an update, while for other vendors offer old updates, so when users update, they still have outdated code.
According to The American Consumer, the insecure routers are, "inadequately updated for known security flaws, leaving connected devices open to cyberattacks that can compromise consumer privacy and lead to financial loss".
