Way back in 2018, Broadband Genie ran a survey looking at Wi-Fi router security. In that poll, we asked how many people had ever made changes to their router settings, such as choosing a new admin password or updating the firmware.
What we discovered was that a significant number of UK home broadband subscribers not only weren’t taking basic preventative security measures, but many had no idea how to do this, or even why they would need to.
Four years later, we asked a similar set of questions to see whether the situation has improved in 2022.
We’ve found that while some of the numbers have shifted in the right direction, there is still a concerning knowledge gap that could endanger the security and privacy of home broadband users.
We started by looking at whether people had carried out some basic tweaks to their router configuration, such as changing the Wi-Fi password.
While lots of you have changed Wi-Fi passwords, far fewer of us are doing other maintenance and administrative tasks. Only a minority have ever updated the firmware, which is crucial to keep your router protected from security threats.
Nearly half of those surveyed had not carried out any of the changes. This is barely changed
from 2018 when we found 51% had not modified any settings.
So what are the reasons behind this reluctance to tweak home broadband routers?
A few people indicate they tried but were stymied by a lack of documentation or confusing interfaces. A small but significant percentage said they don’t know how, but it is encouraging to find that this number has dropped from 34% in 2018.
The vast majority of our survey respondents do not know why they would need to make these changes. Worryingly, this is an even higher number than it was four years ago.
We also asked people how long they’d had their routers. While the majority were two years old or less, 18% have had theirs for five years or more.
Older routers may not only lack useful features found on newer hardware (like better Wi-Fi) but may no longer receive firmware updates and could be vulnerable to security flaws. Going by the other results, many of these routers have been running for five years on the original firmware with default settings.
Luis Corrons, Security Evangelist at Avast said: "There are Wi-Fi hackers who know the default admin credentials for almost all the popular routers on the market. If someone can reach your Wi-Fi network, they can try logging into your router with that information. And if they’re successful a whole new set of threats can emerge, from spying on your internet traffic, to hogging your bandwidth, stealing sensitive information you enter into unencrypted websites, and installing malware. If you’ve never updated the login credentials after installing a router, you’re setting yourself up as an easy target for a router password hack.
"Firmware is the name for software that governs a specific piece of hardware — in this case, your router. Like your computer’s operating system or any of the programmes and apps you use, firmware can be updated.
"If you don’t update your router firmware, hacking exploits that target your old firmware have a much greater chance of success. Firmware updates can protect your router against any vulnerabilities that might be discovered in older versions of your firmware. Some routers will be able to check for firmware updates, but you can always log in to your router’s admin settings, find the firmware section, and take a look for yourself.
Updating router firmware also has the added benefit of fixing any software bugs that development teams may have spotted.
"There are Wi-Fi hackers who know the default admin credentials for almost all the popular routers on the market. If someone can reach your Wi-Fi network, they can try logging into your router with that information. And if they’re successful a whole new set of threats can emerge, from spying on your internet traffic, to hogging your bandwidth, stealing sensitive information you enter into unencrypted websites, and installing malware.
"It’s also worth changing the router’s network name, also known as SSID (service set identifier). New routers often display the brand of the router in the SSID, and Wi-Fi hackers can use that information to help them crack your password. Set a custom network name instead so that they won’t know which type of router you have. The fewer clues you give an attacker, the harder their job will be.
"The router is often an overlooked device, but it’s the gateway to the internet, and if it’s compromised it provides an attacker with access to the entire home network which can be abused to steal personal information, spy on people or launch widespread cyber attacks. Particular attention should be paid to Internet of Things (IoT) devices as the adoption of them in the home continues to rise rapidly. These devices often come with no underlying security framework to protect them, and as they rely on the network to function, anybody who can gain access to the network has the potential to control them."