If you’re reading this article from home, you’re likely connected to a consumer-grade Wi-Fi router, either wirelessly or via wired Ethernet. And if that’s the case, you should probably take this time to update your router’s firmware as soon as possible. That is to say Yes There’s even an update available from the manufacturer.
We say this because the Fraunhofer Institute for Communication (FKIE) in Germany recently conducted a test of 127 home routers to investigate their resistance to security threats. Of the routers the researchers tested, 91 percent of them were found to be running some version of embedded Linux, which is not surprising.
What was surprising, however, was that researchers discovered that not a single router was free of security flaws. In fact, many of these routers were found to be really susceptible to hundreds of known security vulnerabilities. Regarding modern vulnerabilities, we all know that no device is absolutely perfect. Security vulnerabilities in network products, especially routers, are found all the time, so it is critical for manufacturers to release frequent firmware updates and patches to at least stay something on top of recently discovered exploits. It is the responsibility of router manufacturers to provide continuous maintenance updates on their products.
However, FKIE found that more than 25 percent of the routers tested had not received a single security-related update in over a year (some up to five years). And the problems don’t end there. “Some routers have easy to crack or even known passwords that the user cannot change,” the FKIE researchers wrote. “Most firmware images provide private cryptographic key material. This means that what they are trying to protect with a public-private cryptographic mechanism is not secure at all.”
So, were there providers that at least did the effort try to prioritize the security of your hardware? Well ASUS, Netgear and German firm AVM were called in for their work to keep products regularly updated, with big names like D-Link, TP-Link and Linksys sometimes way behind. Regardless of the routers tested, the Linksys WRT54GL was the most prone to problems with a Linux kernel dating back to 2002 (version 2.4.20) along with a high severity 579 CVE test.
One of the best brands
In conclusion, the researchers added:
“Many routers work with very old versions of Linux. Most devices still work with a Linux 2.6 kernel, which is no longer maintained for many years. This leads to a large number of critical and high severity CVEs affecting these. devices”.
You can find the full research report here (PDF). The bottom line, though, is that you should research OEMs before you buy your next router and see what their track record is regarding security updates and firmware updates. Don’t let attractive pricing take your eyes off it, as it’s a piece of hardware that is likely to maintain and connect your devices and home to the Internet for years.
