Even the most popular, feature-rich Wi-Fi routers are easy to hack, according to a study by Independent Security Evaluators. Even worse, there really isn’t much you can do to protect yourself from malicious attacks, and you can only hope your router vendor issues a security update in time. ISE tested 13 routers, including ones made and issued by Linksys, Belkin, TP-Link, and Verizon, and found that they could all be exploited by both remote and local adversaries. Remote adversaries can hack a router even when it’s not connected to it via Wi-Fi, while local adversaries must be connected to the router.
According to CNET, ISE primarily broke through the routers’ security barriers by using either unauthenticated attacks (which require victims to click on malicious links to infect the device so hackers can gain access to the router even when the victim isn’t logged in), or authenticated attacks, in which the hacker has to know the routers’ login credentials and the victims have to be logged in. When someone exploits your Wi-Fi router, they also gain access to what’s behind your firewall, including sensitive info on your compromised devices like passwords, credit card or social security numbers, or online banking details. In 2011, for instance, due to one vulnerability shared by six different manufacturers’ modems, 4.5 million DSL modems in Brazil were compromised with the attackers aiming for bank and credit card info.
The router vendors in the study were already notified of the vulnerability, and, according to ISE, some of them acted quickly and have already come up with fixes ready for beta testing in a few days. However, some of the other manufacturers don’t seem to be doing anything about it at the moment. Since no fix exists yet, you can’t patch up your router to make sure you’re safe, but you should be okay as long as you secure your wireless network and you browse the Internet safely. ISE’s analysts also recommend changing your username and password to something else other than your router’s default if you can, using WPA2 security protocol instead of WEP, changing the router’s IP address if possible, updating your firmware, and clearing your browser’s cookies and cache every time you change the router’s settings.
[Image via William Hook/Flickr]