Most people don’t realize that their routers are, essentially, computers. Very simple computers designed to do one job, but computers nonetheless. And that apparently makes routers the equivalent of leaving all your stuff out on the lawn with a “Please Don’t Rob Me” sign hanging over it.
A security researcher who started picking apart routers as a hobby during his day job as a grade school IT director has found a pretty terrifying number of security vulnerabilities in common routers used by homes and businesses. In fact, if somebody can get at your router, that’s pretty much the ballgame:
In this follow up study, we addressed only the extraneous, non-router services that were present on the routers. What we found was that of the 10 routers reviewed, all 10 could be compromised from the (wireless) LAN once a router had USB attached storage connected.
Oh, we didn’t mention that this was a follow-up report on how your router was a security nightmare? Yeah, this is the second study with publicly released ways to get at your stuff. Also, a lot of these attacks are via services that are enabled the minute you plug the router in.
If this sounds like an enormous security problem, you’d be right. Even if a troll can’t breach your wifi password, all he or she really needs is, say, a password to a public router, say at your local Starbucks. Once they’re logged into the router, they can do anything they want with it, including attacks on other laptops in the area.
Even worse, it’s pretty hard to get people to fix these security holes. When was the last time you logged into your router? Have you ever logged into your router? People are so ignorant of how routers work, and router companies are so hesitant to address these security issues, than problems like this could persist for years.
In other words, you might want to stick to your smartphone. Even though that comes with its own problems.