Home routers – more vulnerable than we know!

Germany’s Frauhofer Institute for Communication (FKIE) conducted a study of 127 home routers to check for potential vulnerabilities in the product. The routers were from seven different manufacturers and contained the latest firmware.

The results, however, were not so amusing. According to the reports, 46 routers were not updated for security since the past year. Additionally, many routers were affected by hundreds of known vulnerabilities. It also showed many vendors to continue shipping firmware updates without fixing the existing ones – keeping the routers vulnerable, despite being updated.

FKIE noted that ASUS and Netgear were more capable of integrating security in their routers – when compared to other companies like D-Link, Tp-Link, Linksys, and Zyxel. However, the researchers concluded that the need for more security in home routers is indeed apparent.

Regarding private keys integrated into the router system, the report found Netgear router 6800 to contain 13 private keys while AVM - a German router manufacturer was the only vendor that didn’t publish private cryptographic keys.

In the study, about 90% of the routers used a Linux operating system. However, the router vendors failed to update the devices with the fixes ‘conveniently’ available from Linux. In fact, Linux releases security patches several times a year, giving manufacturers the opportunity to distribute security patches often. Unfortunately, they do not!

In the worst cases, the FKIE study found some routers to have not been updated for more than five years.

The results from the study by FKIE is similar to the findings from 2018 US study by the American Consumer Institute (ACI) that analyzed 186 home/office routers by 14 different manufactures. The ACI study reported 83% of the firmware to contain multiple vulnerabilities.




Read next: These are the most (and least) internet friendly cities around the world (infographic)

No comments:

Post a Comment