There are hundreds of vulnerabilities affecting routers of all shapes and sizes, and most of them haven't been patched, a new Kaspersky analysis warns.
The company's report says that a total of 506 new vulnerabilities were discovered in 2021, of which 87 were rated critical. Of these, a third (nearly 30) were not addressed by their respective providers, while another 26% received only a notice.
Sometimes these notices are followed by a solution, the researchers say, but more often than not they simply tell potential victims to contact customer service.
The absolute worst year for discovering critical flaws in routers was 2020, the year of the Covid-19 pandemic and subsequent remote work rush. That year, according to Kaspersky, 603 new vulnerabilities were discovered, almost triple the previous year (207).
These two things are correlated, the researchers further argue, because remote work puts most employees at the mercy of their (unpatched and unprotected) home routers. While most workers these days know pretty well how to protect their computers, laptops, and mobile devices, they don't know what to do with their routers.
According to figures from Broadband Genie, half of users (48%) have never changed their router settings, including default login credentials and their Wi-Fi password. Three quarters (73%) believe that it is not necessary, while 20% do not know how to change these things.
To keep any Internet-connected device secure, a person (or business) can do several things: keep firmware and software updated to the latest version at all times; install a powerful antivirus solution, as well as a firewall; enable multi-factor authentication on all available services and use a virtual private network (VPN) service.
For routers in particular, users should always use WPA2 encryption, disable remote access to the router, select a static IP address, disable DHCP, and use a MAC filter.
Via: VentureBeat