Pretty much all Wi-Fi routers are vulnerable to attack, study finds

image of a the backside of a wireless router
(Image credit: deepblue4you)

In a shocking revelation, cybersecurity researchers have discovered over 200 bugs in Wi-Fi routers made by nine popular manufacturers, suggesting that millions of the most common devices around the world are vulnerable to attacks.

Researchers from IoT Inspector and CHIP examined devices from Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, and found a total of 226 potential security vulnerabilities.

"The test negatively exceeded all expectations for secure home and small business routers. Not all vulnerabilities are equally critical - but at the time of the test, all devices showed significant security vulnerabilities that could make a hacker’s life much easier," said Florian Lukavsky, CTO of IoT Inspector.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

The two devices with the most number of vulnerabilities were the The TP-Link Archer AX6000 with 32 vulnerabilities, and the Synology RT-2600ac with 30 vulnerabilities.

Greater accountability

According to the researchers, some of the security issues were detected across multiple devices, generally because of outdated software. They fathom that, since integrating a new kernel into the firmware is a costly affair, all of the tested routers were running dated versions of the Linux kernel.

Similarly, additional services, such as multimedia streaming or VPN, were usually found to be powered by outdated software.

When contacted by the researchers, all of the manufacturers quickly responded by releasing firmware patches to resolve the issues. 

The researchers also used the opportunity to point out that the coalition agreement of the new German government seeks to hold manufacturers accountable for vulnerabilities in their products.

“This increases the pressure on the industry to continuously secure products in order to avoid immense claims for damages,” point out the researchers.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.