Kim Komando offers flawed advice on router security


Despite her claim, updating the firmware is far from sufficient to keep out hackers

An article in yesterday's USA Today by Kim Komando, "How to keep hackers out of your router", claims that updating the firmware in a router will keep out hackers. This is not even close to being true and, in another context, would be considered malpractice.

I'll illustrate how flawed her premise is with an analogy. Suppose you went to a doctor seeking advice on being as healthy as possible and were told that simply taking a vitamin pill is all that's necessary to live to 100. Obviously, there's more to it. 



Not only is the advice terribly incomplete, but Ms. Komando seems to be living in a fantasy world where router manufacturers always fix security flaws. Often, they do not. 

Komando also engages in scaremongering, writing:

"Hackers are continually looking for targets. Armed with just a few details that are readily available online, your personal files and devices are at risk. It only takes knowing a router’s IP address and administrative password to get on a network. A simple Google search is all it takes to find both for just about any router make and model."

To hack into a router, a bad guy needs more than just an IP address and a router password. Most routers do not respond to commands issued to them over the Internet. If a router does, then chances are that it was configured that way by an Internet Service Provider (ISP).

This leads to one of the first recommendations I make on my site - don't use a router provided by your Internet Service Provider. ISPs are notorious for the security failings in the way they configure routers. 

Perhaps the best thing you can do for router security is to buy one from a company that cares about the software it runs. That means avoiding consumer routers too. Manufacturers of consumer routers want the software to be cheap, not secure. There is no reward in the consumer marketplace for router security. 

As for the actual configuration changes that can make a router more secure, I have a list of 13 items on the home page. This is not a complete list, but it would make any router far more secure. Updating the router firmware is the last item on the list.


Interestingly, the router world is changing. More and more routers are dumping the web interface with 312 options and replacing it with a mobile app with very few configuration options. It can be thought of as Routers for Dummies.

My fear with these new consumer-focused routers is that security features may get thrown overboard.

I don't know for sure, because no router review ever discusses the security of the router, other than to recommend WPA2. Anyone can read a multitude of reviews of the Eero, Luma, Starry Station and OnHub routers and come away with no clue whether they can disable UPnP, Telnet, SSH, SNMP, WPS or IPv6, or how isolated their Guest networks really are. Reviewers care about Wi-Fi speed, Wi-Fi range and little else.

Another change, as Ms. Komando mentioned, is that some new routers can self-update. That is, they download and install new firmware on their own, much like a Chromebook. Among the self-updating routers are Google's OnHub, Eero, Luma, the Synology RT1900ac, Starry Station and the upcoming Turris Omnia, if it ever ships.

However, self-updating is not necessarily nirvana. For example, if a network starts misbehaving on a Wednesday, was it because the router was updated Tuesday? Can you even tell the last time a self-updating router was updated? Does the vendor document the changes in each update?

Item 16 on my Router Security Checklist has fifteen considerations for self-updating routers. I hope to get my first self-updating model soon, and I will report how well it does when measured against these criteria.


USA Today claims that "Tech columnist Kim Komando offers the best advice for keeping your Internet router secure." This could not be further from the truth.

The best advice is available, without ads, on my site.

But, you don't need to believe me. Excellent advice is also available from Lucian Constantin of IDG News Service (July 2016), Kevin Dearing at (March 2015), Leo Notenboom of (May 2016) and Craig Young of Tripwire (Feb. 2014 and again in April 2015). Much of the advice overlaps; the list of security tweaks is only so long.



Ms. Komando describes herself as America's digital goddess. I see her as unqualified.
