[lacnog] Study Finds 83 Percent of Home Routers are Vulnerable to Attacks

Lucimara Desiderá lucimara en cert.br
Jue Sep 27 17:33:52 BRT 2018


New Study Warns of Inadequate Security Provisions in Home and Office Routers

FOR IMMEDIATE RELEASE: Washington, D.C. (September 26, 2018)— “5 of
every 6 routers are inadequately updated for known security flaws,
leaving connected devices open to cyberattacks that can compromise
consumer privacy and lead to financial loss,” according to a new study
released today by the American Consumer Institute. The study, “Securing
IoT Devices: How Safe Is Your Wi-Fi Router?”— finds that the majority of
Wi-Fi router manufacturers are neglecting to update their firmware for
known vulnerabilities leaving consumers at risk of having their data
compromised and identity stolen.

The results show that this problem is pervasive among the most popular
Wi-Fi routers in peoples’ homes:

• 83 percent of the analyzed routers were found to have
  vulnerabilities to potential cyberattacks;

• Across all severity levels, 32,003 vulnerabilities were found in a
  sample of 186 routers— on average, routers contained 172
  vulnerabilities; and

• 28 percent of the vulnerabilities found were categorized as “high
  risk” or “critical” with an average of 12 critical vulnerabilities
  and 36 high-risk vulnerabilities for each router.

According to the study, the problem is likely to be more common for IoT
devices since cyberattacks can cause massive damage to all connected

“Simply resetting your router is not enough,” the study warns.
“Automated updates are by far the most feasible option to keep IoT
devices and consumer data safe.”

The study stresses the severe consequences of Wi-Fi router manufacturers
leaving IoT devices unpatched for known vulnerabilities and the urgency
for these manufacturers to commit more resources to identify and
mitigate vulnerabilities in open source to reduce cybersecurity threats
that put consumers, the infrastructure, and the economy at risk.

A full copy of the study is available online here.


Más información sobre la lista de distribución LACNOG