Why do so many wireless routers lack basic security protections?

Many popular routers include security flaws, but here are some tips on how to secure your wireless router, according to Consumer Reports.

A Russian cyberattack is targeting home routers US officials are warning that hackers with ties to the Russian government are targeting consumer internet routers.

Despite increased attention on cybersecurity in the enterprise and at home, many popular wireless routers still lack basic security protections, according to a new report from Consumer Reports' Digital Lab initiative.

The Digital Lab studied 29 routers (20 traditional and nine mesh) and evaluated them for about 60 different security and privacy practices, as well as 100 other data points to evaluate speed, ease of use, and other factors. 

SEE: Securing IoT in your organization: 10 best practices (free PDF) (TechRepublic)

Routers "are the conduit through which all of your data travels, so it's crucial that we look closely at how they handle security," Robert Richter, who oversees security and privacy testing for Consumer Reports, said in a blog post. 

Security issues discovered included:

  • 20 routers allow users to change the password, but not the username, of their web apps, which are used for changing settings including the Wi-FI password

  • 20 routers don't protect against multiple failed login attempts, potentially allowing a hacker to use software that cycles through passwords until one breaks in

  • 11 routers allow users to set very weak passwords (those with fewer than eight characters, or that lack any complexity). One does not require users to change the default login credentials of "admin" and "password" 

  • Two-third of routers had the networking protocol Universal Plug and Play (UPnP) turned on by default, which has a history of security vulnerabilities

  • 11 routers don't support automatic software updates

  • Few router manufacturers state how long they will provide firmware updates for

"Many of the problems we found were simple but meaningful—and they should be easy for manufacturers to fix," Richter said in the post. 

In terms of performance, 18 of the 20 traditional routers tested earned a score of Good or better for throughput over distances of about 28 feet. All nine mesh routers earned a score of Good or higher for midrange and far-range throughput at a distance between 44 and 100 feet, so if you have a larger area that needs consistent coverage, that may be the best choice. 

The traditional routers that scored well on security, privacy, and performance include the Synology RT2600ac and the Netgear Nighthawk X10 AD7200. The mesh routers that scored highest across the three categories included the Netgear Orbi and Eero

SEE: Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)

How to secure your router

No matter what internet router you have in your office or home, there are several steps you can take to make sure it is as secure as possible, the report noted. 

Users can access their router settings (via the router's mobile app or web interface) and do the following: 

1. Set a strong password

2. Disable features you don't use, including UPnP, and turn off Remote Administration/Management

3. Turn on automatic updates, or, if that's not an option, periodically check for new software updates manually

4. Turn on WPA2 or WPA3 (if available on your router), and make sure WEP is turned off 

If your router is old and only supports WEP or WPA, or if it no longer receives any updates, you need to purchase a new router, the report recommended. 

For more, check out 5 popular home office network wireless routers: How do they stack up? on TechRepublic. 

Also see 

Wireless router concept. Man using smartphone

Image: iStockphoto/simpson33

By Alison DeNisco Rayome

Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.