It is not just enough to surf the internet, but equally important to safeguard its boundaries. However, a latest survey has exposed the knowledge and preparedness of internet users.
It was found that 86% of broadband users are unaware of critical aspects of router security. A significant portion of internet users have never changed their router’s default admin password, raising serious concerns among cybersecurity experts.
A recent survey conducted by Broadband Genie sheds light on the troubling security practices surrounding internet routers. The survey, that included over 3,000 users, aimed to assess how router security attitudes have shifted since similar surveys in 2018 and 2022.
The results are concerning: over half of the respondents had never explored their router settings to make any changes, while an astonishing 86% had not altered the factory-set administrator password.
Findings from Router Security Survey
Alex Toft, a broadband expert from Broadband Genie, expressed his disappointment with the findings. “Leaving the password as the default is the easiest way for someone to gain access to your router and, therefore, your network and connected devices,” Toft said. A simple step like changing the router’s default password should be one of the first actions taken upon setup.
While some might argue that newer router models come with unique admin passwords, many users still neglect to strengthen these passwords. Toft emphasized that a weak or easily guessable password remains a vulnerability. Moreover, the survey revealed that 72% of users had never bothered to change their Wi-Fi passwords. Toft pointed out, “Default Wi-Fi passwords are well known, and it would take seconds for a knowledgeable hacker to gain access.”
Perhaps the most interesting statistic from the survey is that 89% of users reported never updating their router firmware. This lack of attention to router security can leave devices open to vulnerabilities, as cybercriminals often exploit unpatched firmware to access sensitive information.
Specific Vulnerabilities Identified
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a directive requiring federal agencies to address two known vulnerabilities actively exploited by hackers. Although the mandate primarily applies to federal employees, CISA has advised all organizations to stay informed about known vulnerabilities to safeguard their networks.
These vulnerabilities were also added to the Known Exploited Vulnerabilities Catalog, which requires quick remediation actions by federal agencies. The vulnerabilities are linked to D-Link and DrayTek routers, both suffering from operating system command injection vulnerabilities.
CVE-2023-25280 affects D-Link DIR-820 routers, allowing unauthorized remote access to escalate privileges. Given that the affected router model is nearing end-of-life, CISA recommends discontinuation and replacement for enhanced security.
On the other hand, CVE-2020-15415 impacts several DrayTek models, allowing for remote code execution via improperly handled input. CISA urges users to apply mitigations as advised by the vendor to protect against these vulnerabilities.
Recent findings from Vedere Labs at Forescout Research revealed an additional 14 vulnerabilities in DrayTek routers, with severity ratings reaching as high as 10. The research indicates that a staggering 704,000 routers are at risk across 168 countries, with a concentration in the UK, EU, and Asia.
Barry Mainz, CEO of Forescout, highlighted the critical nature of router security, stating, “Cybercriminals work around the clock to find cracks in routers’ defenses, using them as entry points to steal data or cripple business operations.”
Understanding the Risks and Mitigation Steps
The vulnerabilities disclosed could allow attackers to perform remote code execution via command injection. Other critical vulnerabilities included issues related to shared admin credentials and buffer overflow risks.
To secure their networks effectively, users are urged to take immediate action by:
- Patching affected devices with the latest firmware updates.
- Disabling unnecessary remote access and implementing access control lists.
- Utilizing two-factor authentication and monitoring for anomalies via syslog logging.
