Tuesday, January 26, 06:05
Home security Home routers display critical errors and run unpatched Linux

Home routers display critical errors and run unpatched Linux

The German Fraunhofer Communication Institute (FKIE) conducted one research which included 127 home routers from seven different brands, in an effort to address the presence of security errors in the latest firmware. The results of the research are worrying. In particular, according to the survey, 46 routers have not received a single security update in the last year and run unpatched Linux, while many routers are affected by hundreds of known errors. In addition, suppliers ship updates firmware without correcting known bugs, which means that even if a consumer installs the latest firmware from a supplier, the router will still be vulnerable.

The results of the study showed that ASUS and Netgear do a better job of securing routers, compared to D-Link, Linksys, TP-Link and Zyxel. However, the industry needs to do more to strengthen and secure home routers.

home router errors

The FKIE also found that AVM, a German router company, was the only supplier that did not publish private encryption keys on its router firmware. The Netgear R6800 router contained 13 private keys. In the worst cases of devices evaluated by the FKIE, the routers have been receiving updates for more than five years. About 90% of the routers included in the survey used operating system Linux. However, manufacturers do not update the operating system with corrections available from Linux kernel maintainers.

Johannes vom Dorp, a scientist at the FKIE Cyberspace Analysis and Defense Department, said Linux is constantly working to close security errors in its operating system and develop new ones. functions. He added that manufacturers will have to install the latest software, but do not incorporate it to the extent that they could and should. He also mentioned that they have many routers passwords which are very common or simple, and therefore can easily "break".

The survey looked at five key points in firmware images to evaluate each manufacturer's approach to cyber security. These included a) the days since the last firmware update, b) how old the operating system versions running these routers are, c) the use of utilization mitigation techniques, and d) the presence of hard-coded credentials connection.

home router

According to the FKIE, router manufacturers are significantly slower to provide security updates than operating system manufacturers. The router's information policy is far behind the standards known by desktop or operating systems. server. Most of the devices are powered by Linux and security codes for Linux kernel and other open source software are released several times a year. This means that suppliers could distribute security updates to their devices much more often, but they do not, according to FKIE.

The results reflect the findings of a survey conducted in 2018 by the American Consumer Institute (ACI) in the United States, which analyzed 186 home routers from 14 different suppliers. According to its results, 155, 83% of the firmware sample had vulnerabilities in possible cyber attacks, while each router had an average of 172 vulnerabilities. In addition, ACI has criticized router manufacturers for not providing an automatic notification mechanism to update routers. Updates are usually made after serious attacks targeting a router, such as the Mirai IoT malware and state-funded VPNFilter malware.

FKIE's research found that more than a third of devices use version 2.6.36 or earlier, while the latest security update for 2.6.36 was released in February 2011. It also found a Linksys WRT54GL router with Linux version 2.4 core. 20 released in 2002. Finally, according to research, the worst case scenario for high-serious errors is the Linksys WRT54GL router powered by the oldest core found in the survey, while there are 579 high-serious errors affecting this product.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.



COVID-19 vaccines: Ways to protect supply chains

The development of vaccines for COVID-19 in such a short period of time has created many challenges and these are not only related to ...

How do insurance companies "enhance" ransomware attacks?

Ransomware attacks have increased significantly, with experts warning that their victims should not pay ransom to hackers ....

Russia: "US may be planning retaliation for SolarWinds hack"!

The Russian government warns the country's organizations about possible cyber attacks that the US may carry out, as "retaliation" for the hack ...

iPhone: How to see which apps have access to your contacts

Some iPhone privacy issues go deeper than accessing your contacts list, which exposes your contacts to ...

COVID-19: Google makes vaccination clinics available

Google CEO Sundar Pichai said Monday that the company will make its facilities available to become clinics ...

Netflix offers "studio quality" audio upgrade on Android

Do not be surprised if Netflix sounds better the next time you run a marathon with rows on your Android phone ...

Will Bitcoin return to $ 40.000? There is concern!

Bitcoin lovers who take his return above the level of $ 40.000 for granted have been worried because the demand ...

Avaddon ransomware: Its operators threaten with DDoS attacks to get ransom!

Lately, more and more ransomware gangs tend to threaten their targets with DDoS attacks in order to secure profits ....

Volunteer firefighters will be trained through VR simulation

Volunteer firefighters in the Australian state of Victoria will soon have access to the virtual reality (VR) training that will be available in ...

Tesla: Accuses its former employee of stealing her confidential data!

On January 23, Tesla sued former employee Alex Khatilov for stealing 26.000 confidential documents, including trade secrets. The software ...