Original article ISPreview UK:Read More
A new survey of 3,242 UK internet users, which was conducted on behalf of Broadband Genie and supported by McAfee’s cybersecurity researchers (inc. threat intelligence data), has claimed that millions of people could be leaving their home networks open to hackers because 47% fail to change ANY of their router’s default settings.
The survey also found that 69% of respondents had never changed their WiFi password, while more than 80% have left both their router name and admin credentials at their factory defaults. Older users (65+) were also said to be most at risk, with 62% saying they’ve never changed their router’s settings. While younger users are more engaged. Among 18-24 year olds, only 29% said they had never accessed their router.
According to the survey, this is said to equate to around 12.7 million vulnerable home routers across the UK. When asked the main reason why users haven’t changed their router’s default settings, the overwhelming majority (73%) stated that they didn’t understand why they would need to (down from 75% last year), followed by 22% not knowing how to. The latter is a bit surprising, as most routers include clear instructions for doing this and often recommend it as part of the setup routine.
Oliver Devane, Senior Security Researcher at McAfee, said:
“Many default settings can be dangerous in the hands of cybercriminals. Your router is the gateway to all the connected devices in your home, so it’s key to make sure it’s secure, and that means updating the settings as well as employing best practices.
Just like changing the lock on your front door, changing the default router password will ensure only authorised people can access your home network.”
However, while the above is correct, it’s still always wise to take opinion surveys like this with a sizeable pinch of salt. Part of the reason for that, in this case, is because most broadband routers are supplied to homes by ISPs, which tend to come with a randomly generated router password (some of these can be quite strong, but not always – experiences do vary).
In the past some routers (quite a few years ago now) were, sadly, supplied with easy to guess universal passwords. But that hasn’t been the norm for a while now, and the government’s recent Secure by Design rules have since technically banned easily guessable passwords like ‘admin’ or ‘12345’ from shipping with newer devices.
However, the fact that your router is often the single most important device in your home network for security should be incentive enough to ensure that you’ve set a strong password and not simply used the one supplied by your ISP, which may or may not be effective. The safest rule is to never assume it’s going to be secure out of the box.