Study Shows That Every Router Has Flaws…. Here’s How To Minimize Your Risk

Most people think that home routers are “plug in and forget” items that allow them to get their devices onto the Internet with having to think about it any further. Except that they aren’t “plug in and forget” devices. They provide security for your home network, which means that you have to make sure that the firmware is up to date. That also requires that the vendor of the router is on top of security threats and the like, and that they are putting out firmware for you to install.

That’s where this study from the Fraunhofer Institute for Communication comes in. It involved 127 routers from seven manufacturers and found the following:

  • The researchers compared the firmware images from each tested router with known vulnerabilities and exploits, and the findings were disturbing. Many of the routers were found to be affected by hundreds of known vulnerabilities. Not a single router tested found to be without at least one known vulnerability. And 46 of the routers tested had not received an update in the last year. And 22 had not updated in the last two years. In the worse case, some routers were found to have not been updated in five years.
  • Even when routers had received updates, 50 were found to used hard-coded qualifications: The username and password were encoded into the router as a default, meaning that attackers could easily gain access.

Then there’s the question of who makes security a top priority. Here’s the answer:

Nonetheless, vendors seem to prioritize security differently. Especially AVM does a better job than the other vendors regarding most of the security aspects. However, AVM routers are not flawless as well. ASUS and Netgear do a better job on some aspects than D-Link, Linksys, TP-Link and Zyxel.

Now while I could quibble about aspects of this study, I think the study paints a pretty stark picture. And router companies need to up their game. But until they get around to doing that, here’s my advice to minimize your risk:

  1. Buy a router from a company that is known to have frequent updates to their products, and who has a track record for updating their products over the long term.
  2. Check for updates frequently and apply them ASAP. Because hackers are not looking for routers that are up to dat. They’re looking for the ones that aren’t.
  3. Check the router logs from time to time to make sure that there’s no funny business goin on in terms of someone trying to break into your network.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: