
Survey Warns Many UK Broadband Routers Open to Security Threats

Thursday, April 12th, 2018 (9:00 am)

A new survey of 2,205 UK internet users (conducted between 22nd Feb and 22nd March 2018) warns that 82% of respondents have never changed the default admin password for their broadband ISP router and 86% have never updated its firmware. This could make them more vulnerable to hackers.

The Broadband Genie survey also asked respondents for the main reason why they had not made any of these changes. In response, almost half (48%) said they didn’t know why they would need to modify settings on their router and 34% said they did not know how. This is hardly surprising since most consumers will have received their router in a very simple plug-and-play package as part of a broadband bundle from their ISP.

Gagan Singh, SVP & GM Mobile at Avast Software, said:

“The reality is that many smart devices can be compromised, including thermostats, streaming boxes, webcams and digital personal assistants all through the router – and consumers and small businesses are among the most vulnerable users. The first step is to ensure the gateway into the home, the router, is secure. Otherwise, it can offer cybercriminals an easy way to get into our homes and access our personal information.”

As usual there are a few caveats that the survey does not appear to have considered. Firstly, the majority of broadband routers supplied by ISPs tend to be set up so that they can be automatically and remotely updated by the provider, which means that in most cases end-users may never need to consider doing a manual update (unless it’s a third-party device).

Secondly, the bulk of modern routers sold today – whether bundled by an ISP or via a third-party retailer – tend to be issued alongside randomly generated admin passwords. Admittedly some of those passwords aren’t particularly strong but this does at least make it harder to exploit (most manufacturers seem to have become wise to the obvious risk of shipping hardware with a universal admin password), even though you should still change it ASAP.

Some routers also give you the option of restricting administrative changes to only those made via wired (LAN) connections, which helps to remove some of the concern about remote WiFi (WLAN) access. Nevertheless, we have in the past seen hackers exploit 0-day vulnerabilities to breach even ISP-supplied routers, irrespective of such settings. As ever, there’s no such thing as 100% security.

One final point is on the issue of password strength. Many people still think that a good password is one that’s a short jumble of different numbers and characters, which is very hard for a human to remember. In reality, a brute force attack is best countered by creating a long password, albeit one using seemingly random words that are a lot easier for you to remember.

For example, rather than something complicated like “4352lkn2d9_B”, you might instead be better off with a nonsensical sentence, such as: “discontent_trade_Rubber_coin_tremble_rough_7” (ideally picking a grouping of words that would make more sense to yourself than anybody else). Now rather than taking days to crack it could take many, many years.

Obviously none of this will help if you have a dumb device that limits password length to around 8-12 characters, which remains one of the most idiotic restrictions we’ve ever seen and is sadly still very common with a fair few online services.
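The brute-force arithmetic behind the last few paragraphs, as an added example that is not part of the original article: it compares a short random jumble with a six-word passphrase and shows what a 12-character length cap does to the latter. The guessing rate, the 7,776-word list size, the sample word list and all function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list (assumption); the entropy estimates below instead
# assume a full 7,776-word list of the diceware kind.
SAMPLE_WORDS = ["discontent", "trade", "rubber", "coin", "tremble", "rough",
                "lantern", "orbit", "velvet", "harbour"]
WORDLIST_SIZE = 7776        # assumed size of the real word list
GUESSES_PER_SECOND = 1e10   # assumed offline guessing rate
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def random_chars_bits(length, alphabet_size):
    """Entropy of `length` characters drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)


def passphrase_bits(words, wordlist_size=WORDLIST_SIZE, digits=0):
    """Entropy of uniformly chosen words plus optional random digits."""
    return words * math.log2(wordlist_size) + digits * math.log2(10)


def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Time to try every candidate; the average hit comes at half of this."""
    return 2 ** bits / rate / SECONDS_PER_YEAR


def generate_passphrase(wordlist=SAMPLE_WORDS, words=6, sep="_"):
    """Pick words with a CSPRNG and append one random digit."""
    chosen = [secrets.choice(wordlist) for _ in range(words)]
    return sep.join(chosen + [str(secrets.randbelow(10))])


def truncated_bits(max_len, words=6, avg_word_len=6, wordlist_size=WORDLIST_SIZE):
    """Approximate ceiling on the entropy left when a device keeps only
    max_len characters: only words that at least partly fit can contribute."""
    surviving = min(words, math.ceil(max_len / (avg_word_len + 1)))
    return surviving * math.log2(wordlist_size)


if __name__ == "__main__":
    print(generate_passphrase())
    for label, bits in [("8 random printable chars", random_chars_bits(8, 94)),
                        ("6 words + digit", passphrase_bits(6, digits=1)),
                        ("passphrase cut to 12 chars", truncated_bits(12))]:
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits):.3g} years")
```

These figures hold only for words drawn at random by the generator; the estimate does not cover phrases composed by hand.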

By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England). He is also the founder of ISPreview since 1999 and enjoys analysing the latest telecoms and broadband developments.
1 Response
  1. Billy

    Lloyds Bank, I couldn’t login one day and their technical support forced me to shorten my 16 character password to 15 characters because they had changed something in their system that made 15 characters the most you could have.
