Expert Advise on Home Routers Largely Unpatched

Employers who have suddenly shifted a large percentage of their workforce to remote due to Covid-19 no doubt will shudder by the findings of a new Frauhofer Institute study that concluded no home router was without security vulnerabilities. The German tech think tank analyzed 127 home routers from seven manufacturers sold in Europe and found that 46 of them hadn’t a security update within 12 months, and some hadn’t been updated for more than five years. The lion’s share (91 percent) of the routers use Linux OS, but many manufacturers don’t integrate fixes when they’re available from Linux kernel maintainers. Vendors can distribute security patches to their devices far more often, but do not, Fraunhofer found, and to make matters even worse, many of the routers are powered by a very old version of Linux.


EXPERTS COMMENTS
Kiri Addison, Head of Data Science for Threat Intelligence and Overwatch ,  Mimecast
July 07, 2020
This needs to be improved, or vulnerabilities such as this one will lead to further security problems for UK organisations.
These findings are particularly worrying as the COVID-19 pandemic means that many employees are working from home and connecting corporate devices to their home router. This obviously provides greater opportunity for sensitive corporate data to be lost or stolen by nefarious actors. The manufacturers of these devices need to rapidly improve the security of their products and ensure that patches fo ....
[Read More >>]
Craig Young, , Principal Security Researcher ,  Tripwire
July 07, 2020
A vendor can release updates on a regular basis but still ignore security researchers.
I’m absolutely stunned that they would assess that Netgear and ASUS do a better job than others. Overall I have some questions about how they selected the ‘127 current routers’. The research specifically cites Linksys WRT54GL despite that it’s been out of support for years. I’m not sure how relevant it is to be comparing this router to currently supported devices from other brands. The ....
[Read More >>]
James MacQuiggan, Security Awareness Advocate,  KnowBe4
July 07, 2020
Similar to smartphones or computers, these devices need to be updated to reduce an opportunity for exploitation by cybercriminals.
As consumers, people consider their home routers, computers, and other electronic devices like their oven, dishwasher, and refrigerator, to be able to just plug them in and run. They only look at them when there is a problem. With home routers, people buy them, install them, and maybe configure them with a new password, but for the most part, as long as it's running, they don't mess with it. Simi ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article