If you have a consumer grade WiFi router or access point in your home (or business), there’s an 83% chance it could have one or more critical security flaws, that according to a recent study by The American Consumer Institute Center for Citizen Research (ACI). ACI studied 186 home routers from 14 manufacturers and found that 155 of them, 83%, had significant vulnerabilities making them susceptible to cyberattacks. 28% of the vulnerabilities were rated ‘high-risk and critical’. The average ‘at risk’ router had over a hundred vulnerabilities.
How does that happen?
Well, WiFi device manufacturers often do not provide any way, or at least a user-friendly, non-techy way, for consumers to update the firmware in their home-market devices. Further many home routers lack advanced configurable features and activity reporting that might help a home user secure their device or easily be alerted to suspicious activity. Adding those kinds of business-class features can be a large expense -- and the home / consumer router market is largely price driven.
Why does it matter that a WiFi device is vulnerable? Well, those ‘high-risk’ vulnerabilities mean that a successful attacker could take over a device and use it to snoop on traffic (think home banking credentials or other passwords), redirect traffic to malicious Websites, or even create malicious traffic that would appear to come from the hacked device.
If the home WiFi device is being used to remote connect a computer at home to resources at work, it could be even worse, at least for the business. Corporate network passwords can be exposed, and private and confidential data breached. It’s not an exaggeration to say that some businesses’ largest IT exposure is the security profile of their remote users – and vulnerable home WiFi devices are a big part of that.
Newer devices tend to have better security out of the box, and have friendlier and even automatic ways to update critical firmware on the unit, but that’s not anywhere near 100%. For most home users, and small business users with home-grade equipment, the safest thing to do may be device replacement, particularly if the device is more than three years old. When it’s time to replace the device, a business class router or access point is a much more secure purchase, although it could be twice the money.
To see if your router was tested in the ACI study, you may access the summary report here and if you don’t care to read the entire document, scroll to Appendix A. Whether or not your device is on the list, if you want help in figuring out how best to secure home WiFi, and in turn, to secure both your home and business networking, contact us. We can help.