When throwing away a router or returning it to the operator, the information that it may have been collecting from users who connect to this device is not always taken into account. Well, security experts have confirmed that old routers could be used by cybercriminals to collect the personal data of their previous owners or operators.
Currently, all operators require you to return it if you do not want to pay a penalty. But, there was a time when it was not mandatory, so many decided to throw it away or keep the router for other uses. And this does not apply to home users, but also affects companies that throw away thousands of devices every year.
Ultimately, the researchers have concluded that, by not formatting the router’s data correctly, cybercriminals could use it to steal confidential information or even learn personal data from its previous owners. This is quite an alarming fact considering that hardly anyone bothers to restore this type of device before throwing it away, as they have discovered with this study.
What data routers collect
Security experts have warned of the serious mistake of discarding this class of devices without a data reset. More than anything, because WiFi routers collect different personal data that, in the wrong hands, can be a problem. This is because they can contain everything from customer data, credentials or keys to other network information. They even warn that many of these devices were left with their ports open.
For example, in the devices they have investigated, they have been able to find out that they contained credentials for the corporate VPN, credentials for another secure network communication service, or even encrypted root administrator passwords. In addition, all that data collected was more than enough for a cybercriminal to be able to identify who had been the previous owner or operator.
With this study, they have confirmed that, on the one hand, 22% of the routers they have studied had customer data. Instead, 33% exposed information that allowed third-party connections to the network, while 44% of routers had credentials to connect to other mesh networks. They have even confirmed that 89% of the routers that have been set aside contained access to different applications and security keys. And, most worrying of all. 100% of these devices had IPsec or VPN credentials, or encrypted root passwords.
With this research, it is intended to ensure that companies or users with a home router are in charge of taking the appropriate security measures. Therefore, before discarding these types of devices, you must be careful. To do this, you only have to worry about thoroughly eliminating any information or access that puts the personal data of the company or the people who have used it at risk. If you decide to change the router for a new one or you are going to throw it away to a clean point, the ideal is to format it.
