Your router is the gateway to the internet, like the front door to your home. And like that front door, it should be secure, accessible only to authorised people, and guard what goes in and out. But, surprisingly, many router brands are not secure.

We asked Google “which brands of router are considered insecure?” and here’s what it said.

AI Overview

Based on reports from security researchers, government agencies, and consumer advice organizations, several router brands are frequently cited as having security vulnerabilities. These concerns often stem from unpatched firmware, weak default configurations, or geopolitical security risks. 

Brands Considered Insecure or Risky

• TP-Link: Currently under intense scrutiny, with US officials and intelligence agencies investigating potential ties to Chinese state-sponsored cyberattacks. Reports have suggested their devices may be used in botnets.

• Huawei: Frequently cited by Western governments as a security risk, with some of its older equipment (like the TalkTalk HG533) flagged for never-fixed, known vulnerabilities.

• Netgear, Linksys, D-Link, ASUS: While popular, these brands are often noted in research as having models with “disgracefully old” software components and a lack of timely security updates for older devices. A 2020 study found 127 consumer routers from these brands contained hundreds of vulnerabilities.

• MikroTik: Researchers have found their devices targeted for recruitment into massive botnets, often due to poor default setup and lack of hardening by the end-user.

• Budget/White-Label Brands (Jetstream, Wavlink, etc.): Inexpensive routers sold on sites like Amazon and Walmart have been identified by security researchers as having hidden backdoors and being exploited by botnet malware.

General Security Trends 

• ISP-Provided Routers: Verizon and other ISPs have historically been criticized for providing routers with outdated, insecure encryption standards like WEP.

• End-of-Life Devices: Almost any router that is more than a few years old and no longer receives firmware updates is considered insecure. 

Recommendations for Better Security 

1. Keep Firmware Updated: The most common risk is unpatched software.

2. Avoid Default Settings: Change the default admin password and network name (SSID) immediately.

3. Disable Remote Administration: Turn off features that allow the router to be managed from the internet.

4. Consider Third-Party Firmware: Using open-source options like OpenWrt or DD-WRT can sometimes make a router more secure than the manufacturer’s original software.

5. Use a Separate Modem/Router: Consider using a standalone modem and a separate, more secure router (e.g., Ubiquiti, Netgate).

Our buying advice

For business, we use and recommend Ubiqiti.

• Ubiqiti frequently updates their device firmware

• The Ubiqiti model can easily be extended to cover a single large home or office

• Ubiqiti networks in different offices work together