One in 16 home Wi-Fi routers is still sporting the manufacturer’s default admin password, a recent study conducted by technology website Comparitech revealed. This flaw could allow cybercriminals to conduct all manner of cyberattacks, including hijacking the router or eavesdropping on their victims.
“These routers, which number in the tens of thousands, can be remotely found and attacked using publicly available passwords, granting malicious hackers access to the victim’s home network,” reads the study.
Comparitech’s research team analyzed the 12 most popular Wi-Fi home routers models being sold on Amazon. To test these devices, the researchers scanned the web for these routers and then used an automated script that used the manufacturer’s default passwords to log in to the router’s admin dashboard. Out of the total of 9,927 routers that they tested, they found that 635 were susceptible to default password attacks.
The results of the team’s investigation seemed to suggest that some of the routers could have been more persistent in prompting users to change the manufacturer's default credentials during the initial setup process.
The AsusRT and MikroTik routers performed best since they couldn’t be accessed at all using the default passwords even though the researchers conducted hundreds of tests. Meanwhile, other routers didn’t fare as well.
“On the other end of the spectrum, roughly one in six ZTE ZXV10, XFinity, and NetGear Ethernet Plus Switch routers were found to be vulnerable to default password attacks unless the default admin password is changed,” said Comparitech. The full list of routers tested is available on Comparitech’s website.
A router with the default access credentials could grant malicious actors a foothold into your home network and even to the devices connected to it. Once they have their foot in the door, the cybercriminals could use the access to monitor what any device connected to the router is doing, what websites they’re browsing, and they could see any unencrypted data being sent over the network. Moreover, the threat actors could also abuse your connection to download pirated content or use it to access illegal materials, potentially making you a suspect or being liable for these activities.
That’s why it’s always prudent to change your Wi-Fi router’s default administrator password during its initial setup process. Make sure that when you’re doing that you avoid the common mistakes of password creation and create a strong and unique password. However, remember that you should use distinct passwords for accessing the Wi-Fi router admin settings and connecting to the internet via the router.
The study brings echoes of a similar investigation conducted by the British consumer watchdog Which? that found Wi-Fi routers contained various security flaws, including the use of weak default passwords, putting millions of Brits at risk. If you’re looking to mitigate the chances of your router getting compromised by threat actors, you can check out our tips for boosting your router security. And for safe measure, you would do well to review your router’s configuration settings as well.