Is your router vulnerable to attacks? New report says odds aren’t in your favor

A new study by the American Consumer Institute shows that 83 percent of routers in the United States are vulnerable to cyberattacks. The group finds that a majority of those routers have critical security vulnerabilities, primarily due to the lack of firmware updates.

In testing a total of 186 routers from leading manufacturers like Netgear and Linksys, the study found that over 155 were vulnerable to potential cyberattacks. Individually, there were 172 vulnerabilities per router, and 32,003 vulnerabilities in total.

The distribution of vulnerabilities (Chart from The American Consumer Institute)

Though the number is shocking, the vulnerabilities were all ranked by severity as low, medium, or high by the National Security Database. Each of these vulnerabilities takes a different set of hacking skills to exploit, with 21 percent being ranked high, 60 percent medium, and 12 percent low.

“High and critical vulnerabilities are more easily exploited, and it could cause more damage than low and medium vulnerabilities. High-risk vulnerabilities require very little knowledge or skill to exploit, but, unlike critical-risk vulnerabilities, they will not entirely compromise the system. The potential damage remains a concern, as exploited high-risk vulnerabilities can partially damage the system and cause information disclosure,” explains the report.

Considering the entire sample, a total of 28 percent of the vulnerabilities were also ranked as high risk. There were also, on average, 12 critical vulnerabilities and 36 high-risk vulnerabilities across the entire sample.

Unfortunately, the report also finds that the fix for these vulnerabilities belongs in the hands of consumers and router vendors. Manufacturers provide firmware updates to address these critical issues, but they are not always easy to install. Since the FBI warned of previous Russian intrusion in Wi-Fi routers earlier this year, there are serious implications here for businesses and consumers.

The world is ever more connected, and this poses a risk for Internet of Things devices, network-attached storage devices, and anything else that is connected to the internet. Even if it seems like a daunting task, always stay on top of your security updates, and check your router manufacturer's website for more information on how to update your firmware.

If you’re concerned that your router is impacted, you can check out the final page of the study, which has a complete list of impacted models.
