A recent Tripwire survey of 653 IT and security professionals and 1,009 employees who work remotely in the U.S. and U.K. has found that 55 percent of IT professionals and 85 percent of employees haven't changed the default IP address on their wireless routers.
The survey also found that 52 percent of IT professionals and 59 percent of employees haven't updated the firmware on their routers to the latest version, and 30 percent of IT professionals and 46 percent of employees haven't changed the default admin password on their routers.
Tripwire's Vulnerability and Exposure Research Team (VERT) also found that 80 percent of Amazon.com's top 25 best-selling small office/home office (SOHO) wireless routers have security flaws.
"[T]hreats to routers will continue to increase as malicious actors recognize how much information can be gained by attacking these devices," Tripwire security researcher Craig Young said in a statement. "Unfortunately, users don’t change the default administrator passwords or the default IPs in these devices and this behavior, along with the prevalence of authentication bypass vulnerabilities, opens the door for widespread attacks through malicious Web sites, browser plugins, and smartphone applications."