'83% of the home and office routers vulnerable to cyberattacks'


#1

Originally published at: https://www.myce.com/news/83-of-the-home-and-office-routers-vulnerable-to-cyberattacks-85176/

The majority of households in the United States uses a insecure router that is vulnerable to cyber attacks. Researchers tested routers from Asus, AVM, Belkin, Cerio, D-Link, Linksys TrendNet, NetGear, Sierra Wireless, TP-Link, Yamaha and Zyxel and found that 83% of the routers contained serious security issues.


#2

I wonder how much some of this is mitigated simply by changing the default admin password, since in so many cases I’ve read of router compromises it starts by gaining access via default router passwords.


#3

I read about the ‘Krack WPA2’ issue recently (I never even heard about it til recently which I am a little surprised as I must have missed it on random tech sites I visit a while ago as I am sure they had to report this) even though news about it first came out in Oct 2017.

-KRACK is exploitable on the router itself only if you use it as wireless client or repeater.
-Standard AP/gateway AP has no vulnerability.
-Krack will be exploited on devices with older firmware (before 11.2017) like android or IOS < 11.1

Was under impression that KRACK could also be patched at the router/ access point level instead of mitigating at device. This appears to be incorrect. A device vulnerable to KRACK is vulnerable regardless of the access point being patched.

those posts were on a random forum I was reading and were from June 2018.

so assuming that info is accurate, basically… with your standard WiFi connection for the average user if your using a older smart phone that has not been patched your pretty much vulnerable. like it seems to be more of a issue with the desktop/laptop/smart phone being patch more than anything else even though technically it can be a issue on the router to in certain configurations. but it appears Windows/Linux on desktop/laptop are fine as it seems to be mainly a issue on older smart phones that likely won’t see a update. but as long as your not doing anything that you can’t afford someone else to get access to then you can still use those devices for basic use and not really worry much.

also, for one to potentially pull off the hack they have to be within wireless range of you (like if your using a vulnerable smart phone etc) and the access point (router). to state the obvious, wired connections are not effected.

p.s. keep in mind I don’t know all of the details but it seems the main thing the average user needs to know is they are likely vulnerable to this issue unless they are using a smart phone that has been patched around Nov 2017 or more recently.


#4

I can’t say I’m surprised. When a company releases a router, and then refuses to patch the router, and refuses to at least free/liberate/open-source the software so that someone else can issue (unofficial) updates… this is what happens: crap becomes insecure.