Friday, August 7, 05:23

Home routers display critical errors and run unpatched Linux

The German Fraunhofer Communication Institute (FKIE) conducted a study of 127 home routers from seven different brands, in an effort to assess the presence of security flaws in the latest firmware. The results of the research are worrying. In particular, according to the survey, 46 routers have not received a single security update in the last year and run unpatched Linux, while many routers are affected by hundreds of known flaws. In addition, suppliers ship firmware updates without correcting known bugs, which means that even if a consumer installs the latest firmware from a supplier, the router will still be vulnerable.

The results of the study showed that ASUS and Netgear do a better job of securing routers, compared to D-Link, Linksys, TP-Link and Zyxel. However, the industry needs to do more to strengthen and secure home routers.

The FKIE also found that AVM, a German router company, was the only supplier that did not publish private encryption keys in its router firmware. The Netgear R6800 router contained 13 private keys. In the worst cases of devices evaluated by the FKIE, the routers have been receiving updates for more than five years. About 90% of the routers included in the survey used the Linux operating system. However, manufacturers do not update the operating system with the fixes available from the Linux kernel maintainers.

Johannes vom Dorp, a scientist at the FKIE Cyberspace Analysis and Defense Department, said Linux is constantly working to close security flaws in its operating system and develop new functions. He added that manufacturers will have to install the latest software, but do not incorporate it to the extent that they could and should. He also mentioned that many routers have passwords which are very common or simple, and can therefore easily be "broken".

The survey looked at five key points in firmware images to evaluate each manufacturer's approach to cyber security. These included a) the days since the last firmware update, b) how old the operating system versions running on these routers are, c) the use of exploit mitigation techniques, and d) the presence of hard-coded login credentials.

According to the FKIE, router manufacturers are significantly slower to provide security updates than operating system manufacturers. The router vendors' information policy is far behind the standards known from desktop or server operating systems. Most of the devices are powered by Linux, and security patches for the Linux kernel and other open source software are released several times a year. This means that suppliers could distribute security updates to their devices much more often, but they do not, according to FKIE.

The results reflect the findings of a survey conducted in 2018 by the American Consumer Institute (ACI) in the United States, which analyzed 186 home routers from 14 different suppliers. According to its results, 155 (83%) of the firmware samples had vulnerabilities to possible cyber attacks, while each router had an average of 172 vulnerabilities. In addition, ACI has criticized router manufacturers for not providing an automatic notification mechanism to update routers. Updates are usually made after serious attacks targeting a router, such as the Mirai IoT malware and the state-funded VPNFilter malware.

FKIE's research found that more than a third of devices use kernel version 2.6.36 or earlier, while the latest security update for 2.6.36 was released in February 2011. It also found a Linksys WRT54GL router with Linux kernel version 2.4.20, released in 2002. Finally, according to the research, the worst case for high-severity flaws is the Linksys WRT54GL router, powered by the oldest kernel found in the survey, with 579 high-severity flaws affecting this product.
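Three of the checks described above (private keys shipped in firmware, kernel age, hard-coded login credentials) can be run against an unpacked firmware tree, as in the following added example, which is not FKIE's tooling and not part of the original article. The function names and the sample tree are constructed for illustration; the 2.6.36 threshold is the one quoted in the article.

```python
import os, re, tempfile

PEM_RE = re.compile(rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")
KERNEL_RE = re.compile(rb"Linux version (\d+)\.(\d+)\.(\d+)")
OLD_KERNEL = (2, 6, 36)  # threshold quoted in the article

def audit_firmware(root):
    """Walk an unpacked firmware tree and collect three kinds of finding."""
    report = {"private_keys": [], "kernels": set(), "password_hashes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links out of the unpacked tree
            rel = os.path.relpath(path, root)
            with open(path, "rb") as fh:
                data = fh.read()
            if PEM_RE.search(data):
                report["private_keys"].append(rel)
            for m in KERNEL_RE.finditer(data):  # banner string inside kernel image
                report["kernels"].add(tuple(int(g) for g in m.groups()))
            if name in ("passwd", "shadow"):
                for line in data.decode("utf-8", "replace").splitlines():
                    f = line.split(":")
                    # a shipped hash is non-empty and not a lock marker (x, *, !)
                    if len(f) > 1 and f[1] not in ("", "x") and f[1][0] not in "*!":
                        report["password_hashes"].append((rel, f[0]))
    report["outdated_kernel"] = any(k <= OLD_KERNEL for k in report["kernels"])
    return report

def build_sample_tree(root):
    """Constructed stand-in for an unpacked image (not real firmware)."""
    samples = {
        "etc/shadow": b"root:$1$abcdefgh$CONSTRUCTEDHASH0000000:0:0:99999:7:::\n"
                      b"nobody:*:0:0:99999:7:::\n",
        "etc/ssl/server.key": b"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n",
        "boot/vmlinux": b"\x00\x01Linux version 2.6.36 (builder@example) #1\x00",
        "www/index.html": b"<html>status page</html>",
    }
    for rel, content in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit_firmware(tmp))
```

Any hit in `private_keys` or `password_hashes` means the same secret ships in every copy of that image, so it has to be treated as public.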

