In a study conducted by Comparitech, a technology comparison company, researchers found that 6.4 percent of popular home Wi-Fi routers currently sold on Amazon could be hacked, allowing malicious intruders to potentially access the user’s network.
To put that figure into solid numbers, of the 9,927 routers tested by researchers, a total of 635 were found to be vulnerable to password attacks. In the case of a real attack, the users of these devices could fall victim to crimes such as DNS hijacking, eavesdropping or other malicious activity.
To test the security of the routers in the study, the research team needed to simulate a potential cyber attack. First they chose 12 Wi-Fi routers that can be commonly found in people’s homes and that are available to purchase online.
They then used the search engines, ZoomEye and Shodan.io, to scan the web for IP addresses of users with the selected router models. The researchers then used a java script to see if they could bypass the routers’ passwords, recording if they were successful or unsuccessful at logging in.
Of the 12 different router types tested, only two router types fared well. These were: the Asus RT and MikroTik models that proved to be impenetrable by the researchers. These router types were unable to be breached, despite researchers performing hundreds of tests and repeating their tests on the same router types.
A MicroTik router
MicroTik
Ten other router models fared less well, proving to be no trouble for the team to bypass the router’s administrative passwords and gain a point of entry into the users’ systems. The worst performers of these routers included, NetGear Ethernet Plus Switch, Xfinity and ZTE ZXV10. The researchers managed to hack between 15-20 percent of the total number of these router types during testing.
So, why can some routers be hacked and others can’t? Well, in this case hardware is not to blame. It turns out that a simple permission requirement from the router manufacturer’s software is the key to blocking this kind of attack.
The Asus RT and MikroTik routers required users to change their passwords before logging onto the internet, a step that proved to give them a higher level of security against password hacking. The study highlights the importance of manufacturers incorporating these safeguards into router products, since many users fail to take precautions themselves.
An Asus RT router
Asus
Regardless of whether a router prompts them or not, Internet users should always change their router’s administrative password upon setting it up (this password is different to the password they use to connect to the internet), concluded the researchers. And, if in doubt, they should contact their router manufacturer for advice on how to do this.