Home routers are as hollow as Swiss cheese, putting countless consumers that use the devices at unimagined risks.
This is according to a report from Germany's Fraunhofer Institute for Communication (FKIE) which found that almost all routers have insufficient security measures.
Out of 127 routers that were analysed for the report, 46 haven't had a single security update in a year. All of these were vulnerable to “hundreds” of known flaws. The institute also uncovered that some manufacturers issue firmware updates that do basically nothing – they don’t fix known vulnerabilities, giving users a false sense of security when they do update them.
In some cases, routers haven’t been updated for five years. Furthermore, almost nine in ten routers use an outdated version of Linux that’s full of flaws and their manufacturers can’t be bothered to update to a more secure version.
"Linux works continuously to close security vulnerabilities in its operating system and to develop new functionalities. Really, all the manufacturers would have to do is install the latest software, but they do not integrate it to the extent that they could and should," said Johannes vom Dorp, a scientist at FKIE's Cyber Analysis & Defence department.
"Numerous routers have passwords that are either well known or simple to crack – or else they have hard-coded credentials that users cannot change," he added.
As the gateway to the internet, huge amounts of sensitive data pass through home routers every day.