Home Routers Are All Broken, Finds Security Study

Home Routers Are All Broken, Finds Security Study

Updating routers with the latest firmware is a frequent recommendation to improve network security. When it comes to home routers, though, the latest updates won't help you much. According to a study by Germany's Fraunhofer Institute for Communication (FKIE), vendors have failed to fix hundreds of vulnerabilities in their consumer-grade routers, leaving people exposed to a wide range of attacks.



The FKIE examined 127 routers spanning seven large vendors and found security flaws in all of them, it said in a report released in late June. It called its results "alarming."



"Many routers are affected by hundreds of known vulnerabilities," it warned. "Even if the routers got recent updates, many of these known vulnerabilities were not fixed."



The routers usually failed to use exploit mitigation techniques, it said, adding that some had passwords that users could not change, and which were either well-known or easy to crack. "Most firmware images provide private cryptographic key material," it continued. "This means, whatever they try to secure with a public-private crypto mechanism is not secure at all."



The Institute used a firmware analysis and comparison tool to extract and analyze the routers' most recent firmware. It found that 46 of them had received no security updates within the last year. At least 90% of the routers used Linux, but over a third of them used version 2.6.36 of the Linux kernel or even older. At the time of writing, the current Linux kernel is 5.7.7. The last security update for version 2.6.36 was in February 2011.



Even the best devices had at ..

Support the originator by clicking the read the rest link below.