Research: 1 in 16 home routers can be hacked

Study finds flaw in popular routers

Credit: Dreamstime: Oleg Chumakov

In a study conducted by Comparitech, a technology comparison company, researchers found that 6.4 percent of popular home Wi-Fi routers currently sold on Amazon could be hacked, allowing malicious intruders to potentially access the user’s network.

To put that figure into solid numbers, of the 9,927 routers tested by researchers, a total of 635 were found to be vulnerable to password attacks. In the case of a real attack, the users of these devices could fall victim to crimes such as DNS hijacking, eavesdropping or other malicious activity.

To test the security of the routers in the study, the research team needed to simulate a potential cyber attack. First they chose 12 Wi-Fi routers that can be commonly found in people’s homes and that are available to purchase online.

They then used the search engines, ZoomEye and Shodan.io, to scan the web for IP addresses of users with the selected router models. The researchers then used a java script to see if they could bypass the routers’ passwords, recording if they were successful or unsuccessful at logging in.

Of the 12 different router types tested, only two router types fared well. These were: the Asus RT and MikroTik models that proved to be impenetrable by the researchers. These router types were unable to be breached, despite researchers performing hundreds of tests and repeating their tests on the same router types.

Ten other router models fared less well, proving to be no trouble for the team to bypass the router’s administrative passwords and gain a point of entry into the users’ systems. The worst performers of these routers included, NetGear Ethernet Plus Switch, Xfinity and ZTE ZXV10. The researchers managed to hack between 15-20 percent of the total number of these router types during testing.

A MikroTik routerCredit: MikroTik
A MikroTik router

So, why can some routers be hacked and others can’t? Well, in this case hardware is not to blame. It turns out that a simple permission requirement from the router manufacturer’s software is the key to blocking this kind of attack.

The Asus RT and MikroTik routers required users to change their passwords before logging onto the internet, a step that proved to give them a higher level of security against password hacking. The study highlights the importance of manufacturers incorporating these safeguards into router products, since many users fail to take precautions themselves.

An Asus RT routerCredit: Asus
An Asus RT router

Regardless of whether a router prompts them or not, Internet users should always change their router’s administrative password upon setting it up (this password is different to the password they use to connect to the internet), concluded the researchers. And, if in doubt, they should contact their router manufacturer for advice on how to do this. 

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags internet securityWi-Ficyber threatsrouterroutersnetgearhijackingDNS securityWi-Fi & networkingcyber attackAsusRTcomparitech

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Dominic Bayley

Dominic Bayley

PC World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?