Skip to main content

Study: Popular Wi-Fi routers are easy to hack, and there’s no foolproof way to secure them

wifi-router-flickr
Image used with permission by copyright holder

Even the most popular, feature-rich Wi-Fi routers are easy to hack, according to a study by Independent Security Evaluators. Even worse, there really isn’t much you can do to protect yourself from malicious attacks, and you can only hope your router vendor issues a security update in time. ISE tested 13 routers, including ones made and issued by Linksys, Belkin, TP-Link, and Verizon, and found that they could all be exploited by both remote and local adversaries. Remote adversaries can hack a router even when it’s not connected to it via Wi-Fi, while local adversaries must be connected to the router.

According to CNET, ISE primarily broke through the routers’ security barriers by using either unauthenticated attacks (which require victims to click on malicious links to infect the device so hackers can gain access to the router even when the victim isn’t logged in), or authenticated attacks, in which the hacker has to know the routers’ login credentials and the victims have to be logged in. When someone exploits your Wi-Fi router, they also gain access to what’s behind your firewall, including sensitive info on your compromised devices like passwords, credit card or social security numbers, or online banking details. In 2011, for instance, due to one vulnerability shared by six different manufacturers’ modems, 4.5 million DSL modems in Brazil were compromised with the attackers aiming for bank and credit card info. 

The router vendors in the study were already notified of the vulnerability, and, according to ISE, some of them acted quickly and have already come up with fixes ready for beta testing in a few days. However, some of the other manufacturers don’t seem to be doing anything about it at the moment. Since no fix exists yet, you can’t patch up your router to make sure you’re safe, but you should be okay as long as you secure your wireless network and you browse the Internet safely. ISE’s analysts also recommend changing your username and password to something else other than your router’s default if you can, using WPA2 security protocol instead of WEP, changing the router’s IP address if possible, updating your firmware, and clearing your browser’s cookies and cache every time you change the router’s settings.

[Image via William Hook/Flickr]

Mariella Moon
Former Digital Trends Contributor
Mariella loves working on both helpful and awe-inspiring science and technology stories. When she's not at her desk writing…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more