In a recent report done by Peter Weidenbach and Johannes vom Dorp, an analysis of 127 common household routers was executed. The findings included the extraction of 117 firmware images out of the original 127 routers from companies such as Netgear, D-Link, Linksys, and others.
During the study, the routers were put through a variety of tests design to determine:
- The current software versions, and the dates of their last updates.
- Which operating systems are used, and what are their critical issues?
- What exploit-mitigation techniques are used by vendors, if any?
- Do the firmware images extracted contain any private, key information?
- Are there any login credentials present?
The results of these experiments were shocking, to say the least. There were zero routers without critical issues present. Further, 46 routers hadn't received any software updates within the last year. According to the study, many of the routers were even affected by, "hundreds of known vulnerabilities."
However, another terrifying discovery was made during this research. Even if most of the software was updated on some of the routers, it still wouldn't fix the majority of the security flaws.
"Some routers have easy crackable or even well known passwords that cannot be changed by the user. Most firmware images provide private cryptographic key material," the study reads.
As stated earlier, of the 127 routers tested, data was extracted from 117 completely. This is largely due to 91 percent of the routers tested running an ancient, unmaintained, version of the Linux operating system.
“To sum it up, our analysis shows that there is no router without flaws and there is no vendor who does a perfect job regarding all security aspects,” Weidenbach and vom Dorp wrote. “Much more effort is needed to make home routers as secure as current desktop or server systems.”
However, it isn't time to panic just yet. While no perfect solution exists to this problem, there are steps you can take to ensure that you and your network stays secure. By following these steps, you can keep your cybersecurity high and your risk factors low.