The router is the Internet entry point in our house or the exit point of our computer and mobile devices to the Internet, depending on how you look at it. That makes it a key device in installation and one of the most important targets for cybercriminals. For that reason, your protection should come first and be one of our priorities. However, this is not usually the case and, in the same way that we worry about changing the email password, activating 2FA in social networks or installing a good antivirus in Windows, we rarely pay attention to this element.
Routers can be attacked in many ways and exploiting discovered vulnerabilities is often one of them. Another way is to use the default login credentials that many models continue to use and that users do not change. This refers to the password that we have to enter after accessing the router’s IP address. In too many cases, it is still admin or 1234, a poisoned legacy of the manufacturers that can bring us many problems.
Routers Vulnerable to Attacks Using Default Passwords
6.4% of the most popular WiFi routers sold on Amazon still use default passwords to access their administration. This is something that has been uncovered by Comparitech in a study and that would amount to thousands that can be attacked remotely using the credentials that can be obtained with a simple Internet search.
In the previous box we have the percentage of routers of each model that can be accessed using the manufacturer’s default password . To obtain the list, the best-selling Amazon models in the United States in 2021 have been taken, although it should not be too different from the situation in Spain in particular and Europe in general.
The Comparitech team used free tools to scan the web for the 12 best-selling models on Amazon. Once located, they used an automatic script that tried to access each of the models with the default passwords. A total of 9,927 routers were tested and 635 of them were vulnerable .
The Asus or MikroTik models did not fail at any time since they usually ask for an access password to be set once they are configured for the first time. This is ideal from a cybersecurity point of view, as the user will have their own password and a default password will never be used.
Therefore, we recommend that you “lose” 5 minutes to review the security settings of the router. To do this, we must access 192.168.1.1, 192.168.0.1 or whatever the access address is. Once logged in, we will check the password and establish a personalized one that is not the one that comes by default. In this way, we can save ourselves a lot of headaches.