Study finds four-fifths of popular routers have major security flaws

The door is open for attackers

Tripwire has announced the results from its analysis of security vulnerabilities in small and home office wireless routers, finding that 80 per cent have exploitable flaws in their security.

The study centred on 653 IT professionals and 1,009 employees who work remotely in both the UK and US, focusing on the dangers unsecured routers may present businesses. Even technically orientated users, Tripwire states, can find it difficult to identify when their router has been compromised.

According to findings from the survey, 30 per cent of IT professionals and almost 50 per cent of remote employees do not change the default passwords on their routers. 55 per cent and 85 per cent respectively do not change the IP address of their routers.

Route to disaster

Other statistics show that 50 per cent of IT professionals and 60 per cent of employees have also never upgraded the firmware of their routers, even when updates are available. Half of those surveyed also haven't changed their security standard from WPS, which is easy for attackers to penetrate.

Perhaps the most worrying of the results, however, was that 80 per cent of Amazon's top 25 best-selling routers for small office or home office use have security flaws. Of those flawed models, 34 per cent have vulnerabilities that are publicly documented on the Internet.

"Unfortunately, users don't change the default administrator, passwords or the default IPs in these devices and this behaviour, along with the prevalence of authentication bypass vulnerabilities, opens the door for widespread attacks through malicious web sites, browser plugins, and smartphone applications," said Craig Young, researcher at Tripwire.