Your router may have been running for years without an update and with its default password. Find out what kinds of attacks this makes possible and why your router is the most neglected part of your network.
You install antivirus software, update your phone, and use two-factor authentication, and you feel safe. But in the corner of your living room or office, a device is blinking that you last looked at when the carrier technician installed it. The router has been running without a reboot for maybe three years. The firmware is from 2022. The password? The original five-character one, written on a sticker on the bottom of the device. An attacker may know it before you do, especially if the device is exposed to the internet or has weak security.
1. The Router — A Gateway That No One Guards
A router is the device through which every single data packet in your home or business network passes. Every email, every payment, every login, every video call. The router facilitates the transmission of this data and ensures its routing between devices and the internet.
Despite this, most users pay zero attention to their router. It’s installed once, forgotten about, and runs in the background for years. No updates, no password changes, no checks on settings.
And that’s exactly what makes it one of the most attractive targets for attackers.
There are specialized search engines on the internet that index not websites but devices connected directly to the internet: routers, cameras, printers, smart TVs. These tools can identify the device model, firmware version, and open ports, and an attacker can filter the results by country, manufacturer, or specific vulnerability. Slovakia is no exception.
2. Default Passwords — The First and Biggest Mistake
Every router manufacturer ships the device with a default username and password for the admin interface. This information is publicly available—on manufacturers’ websites, in manuals, and in databases of default passwords that anyone can download.
Typical examples:
- admin / admin
- admin / password
- user / user
- admin / 1234
If the service provider installed the router and did not change these credentials—and most do not—your router’s admin interface is accessible to anyone who gains access to the network or who finds the router directly via the internet, provided the admin interface is exposed to the outside world. An attacker doesn’t need a sophisticated exploit. All they need is a list of default passwords and patience.
3. Outdated firmware — a silent vulnerability
Firmware is the router’s operating system. Just like Windows or iOS, firmware contains bugs, and manufacturers continuously fix them by releasing updates. The problem is that, unlike a phone, your router won’t notify you on its own that a new version is available.
Security vulnerabilities in routers are recorded in international databases such as CVE (Common Vulnerabilities and Exposures). Each vulnerability is assigned an identifier, a description, and a severity score. Attackers monitor these databases just as closely as security researchers, and when a new vulnerability appears, automated tools begin scanning the internet within hours.
4. What an attacker does with a router
When an attacker gains access to a router, they aren’t interested in the router itself. They’re interested in what passes through the router and what lies beyond it.
4.1 DNS hijacking
DNS (Domain Name System) is a system that translates domain names into IP addresses. When you type in your bank’s address, the DNS tells you which IP address to connect to.
The router contains DNS server settings. An attacker who has access to the router can change these servers to their own. The result: when you type in your bank’s address, the DNS redirects you to a fake page—visually identical to the original. The URL in the browser looks correct, but the browser may display a certificate warning if the attacker is not using a trusted certificate. Nevertheless, many users ignore such warnings or do not notice them.
This is called DNS hijacking, and from the perspective of the average user it happens without any visible sign.
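A defender can check for the redirection described above by asking the router's resolver and an independent resolver the same question and comparing the answers. The following Python sketch is an added example, not part of the original article; the function names, the sample hostname bank.example and the sample addresses are assumptions made for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a DNS A-record query in RFC 1035 wire format."""
    header = struct.pack(">6H", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack(">2H", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg, pos):
    """Return the offset just past a name, honouring compression pointers."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)  # pointer is 2 bytes, root label is 1

def parse_a_records(msg):
    """Return the set of IPv4 addresses in a response's answer section."""
    qdcount, ancount = struct.unpack(">2H", msg[4:8])
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    addrs = set()
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack(">2HIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.add(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return addrs

def resolve_via(server, name, timeout=3.0):
    """Ask one specific resolver (e.g. the router's address) over UDP port 53."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_a_records(s.recv(4096))

def disjoint_names(router_view, reference_view):
    """Names whose router-side answers share no address with the reference."""
    return sorted(n for n, a in router_view.items()
                  if not a & reference_view.get(n, set()))

# Constructed sample response: bank.example -> 203.0.113.10 (documentation range).
_q = build_query("bank.example")
SAMPLE = (_q[:2] + struct.pack(">5H", 0x8180, 1, 1, 0, 0) + _q[12:] + b"\xc0\x0c"
          + struct.pack(">2HIH", 1, 1, 300, 4) + socket.inet_aton("203.0.113.10"))
```

A name flagged by `disjoint_names` is a prompt to look at the router's DNS settings, not proof of hijacking, because CDNs legitimately return different addresses to different resolvers. A compromised router can also intercept plain port-53 traffic, so take the reference answers over DNS-over-HTTPS or from a different network.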
4.2 Man-in-the-Middle (MitM)
An attacker with control over the router can insert themselves between your device and the internet and eavesdrop on or modify communication in real time. This technique is called Man-in-the-Middle.
With unencrypted communication (HTTP), the attacker can see the entire content. With encrypted HTTPS, the attacker's task is harder: modern browsers and mechanisms like HSTS (HTTP Strict Transport Security) provide additional protection. Nevertheless, older or less secure websites may still be vulnerable to techniques that attempt to bypass this protection.
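How much protection HSTS gives depends on the header a site actually sends. The following Python sketch is an added example, not part of the original article: it parses a Strict-Transport-Security value following RFC 6797 and classifies what a visitor behind an untrusted router gets from it. The function names, status labels and sample headers are assumptions made for illustration.

```python
ONE_YEAR = 31536000  # seconds; minimum max-age the browser preload list asks for

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; None means 'browser ignores it'."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue                         # tolerate empty segments (";;")
        if name in directives:
            return None                      # a repeated directive invalidates the header
        directives[name] = arg.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return None                          # max-age is mandatory and numeric
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives,
            "preload": "preload" in directives}

def hsts_status(scheme, header):
    """Classify how much downgrade protection one response gives a visitor."""
    if scheme != "https":
        return "ignored"            # HSTS sent over plain HTTP is never honoured
    policy = parse_hsts(header) if header else None
    if policy is None:
        return "unprotected"        # every visit can start over HTTP
    if policy["max_age"] == 0:
        return "cleared"            # tells the browser to forget the policy
    if (policy["preload"] and policy["include_subdomains"]
            and policy["max_age"] >= ONE_YEAR):
        return "preload-eligible"   # first visit is covered once the site is on the list
    return "after-first-visit"      # protected only after one untampered HTTPS visit

# Constructed sample responses (scheme, header value) for illustration.
SAMPLES = [
    ("https", "max-age=63072000; includeSubDomains; preload"),
    ("https", "max-age=300"),
    ("http", "max-age=63072000"),
    ("https", "includeSubDomains"),
    ("https", "max-age=0"),
]

def classify_samples():
    """Return the status of each constructed sample, in order."""
    return [hsts_status(scheme, header) for scheme, header in SAMPLES]
```

The "after-first-visit" result is the gap the paragraph above refers to: until the browser has seen the header once over an untampered HTTPS connection, the first request can still go out over HTTP.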
4.3 Botnet — Your Router as a Soldier in a Foreign Army
An attacker doesn’t need your router to steal your data. They can simply exploit it as part of a botnet — a network of thousands or millions of compromised devices that the attacker controls centrally.
These devices then carry out the attacker’s commands—such as DDoS attacks, sending spam, or mining cryptocurrencies. All at your expense, using your electricity, and via your IP address.
The principle of a botnet is technically simple—compromised devices receive commands from a central server (C2) and execute them in a coordinated manner. The attacker can thus control thousands of devices simultaneously, with each one appearing as a regular user on the internet.
4.4 Lateral movement — from the router to the entire network
The router is a gateway. But behind it lies the entire network — a computer, phone, smart TV, IP camera, printer. An attacker who has compromised the router can move deeper into the network in a process called lateral movement.