Cybersecurity researchers have advised the users to change the manufacturer’s default access credentials of their Wi-Fi home router to minimize the risk of being compromised.
One in 16 home Wi-Fi routers still uses the manufacturer’s default administrator passwords, a recent survey concludes.This vulnerability could allow threat actors to carry out all kinds of cyberattacks, including router hijacking and victim eavesdropping.
These routers, which number in the tens of thousands, can be remotely found and attacked using publicly available passwords, granting malicious hackers’ access to the victim’s home network.
The researchers used an automated script to scan the web for these routers and log in to the router’s management dashboard using the manufacturer’s default password. Of the total of 9,927 routers tested, 635 were found to be susceptible to default password attacks.
The findings of the team’s investigation seemed to indicate that some of the routers could have been more persistent in prompting users to change the manufacturer’s default password upon first setting up the device.
The AsusRT and MikroTik routers could not be accessed at all despite hundreds of tests, indicating they require users to change their default passwords before an internet connection is allowed through.
On the other end of the spectrum, roughly one in six ZTE ZXV10, XFinity, and NetGear Ethernet Plus Switch routers were found to be vulnerable to default password attacks unless the default admin password is changed.
A router with default access credentials can give the threat actor a foothold on your home network and even the devices connected to it. When a cybercriminal steps into the door, he uses access to monitor the behavior of devices connected to the router, the websites he is browsing, and unencrypted data sent over the network.
An attacker could use the router as a proxy to download pirated content, visit illicit sites, or access illegal material. You could be suspected of or held liable for these activities. To mitigate the risk users are advised to change the router’s default admin password upon first setting the device.