Skip to content

Month: March 2016

Testing Wi-Fi Routers for Fun and Profit

I’ve written here before about “empirical journalism” and the idea that reporters don’t have to wait for experts to conduct studies that might help readers. Continuing with that idea, recently I worked with a computer researcher to evaluate the security of popular Wi-Fi routers for a story.

The novel survey showed that half the devices arrived with known, previously documented security weaknesses. Only two required users to change from the default password–something that computer security pros have been demanding for many years. Half didn’t let users easily check for new software during the standard setup process. Instead, users had to search on the Web themselves or run optional programs. Two actually told users that updated software wasn’t available, when in fact it was, and one directed users to download new software that itself had a severe, documented security flaw.

Security of Wi-Fi routers might not sound too sexy. But routers already have been used in attacks to disrupt networks or siphon people’s data. And they’re one of many types of devices that are being connected to the Internet but that don’t receive the security attention of PCs. Trust me, these devices are poised to become more important to hackers in the future; almost every security pro I talk with sees things like this as a weak link.