As long as that small router box on the corner of a desk blinks its lights and keeps the internet connection alive, most people probably don’t pay attention to the vital piece of hardware at home. You may think of the router as your home Wi-Fi hotspot, cable modem, or fiber connection, but it actually comprises a complex stack of software that manages internet access for all your devices, and faces the wild world of internet. The bad news is that Fraunhofer researchers have found out that security risks in home routers are high.
A team at the Cyber Analysis and Defense department at Fraunhofer Institute has published Home Router Security Report 2020 that lays out the ugly truth about internet router products that vendors market to consumers. The team tested 127 routers from Asus, AVM, D-Link, Linksys, Netgear, TP-Link, and Zyxel. All products had security problems. The most serious risks discovered in the tests were:
- Vendors don’t deliver security updates to the routers. 36% of products haven’t received an update during the last 12 months. The latest patch in one product was more than five years old.
- More than 90% of tested routers rely on Linux kernel as their core software. More than half of Linux-powered routers are still using an ancient version 2 or 3 of the software. These old versions are not maintained anymore, and possible vulnerabilities are not fixed. Common Linux kernel version on computers is 4 or 5, while version 5.8 is being developed by a team led by Linus Torvalds.
- Admin passwords that can’t be changed by users was a feature in some routers, as well as default passwords that are widely known across hacker communities.
AVM routers were ranked the least vulnerable in the test, with Asus and Netgear as the second safest.
The security of a router is important because it is the gateway to the devices at home, and it is the first hijacking target for criminals
Routers are small computers that are directly connected to the traffic flow of the internet. Criminals who operate botnet networks like Bashlite or Mirai are looking for devices they can hijack for their own use. For instance, a distributed denial-of-service attack (DDoS) attack can be executed using hijacked routers.
Wired has good advice for steps every home router owner should take to secure the device. After changing the default password, enable secure Wi-Fi, disable UpnP, and create a guest access for accidental users who visit you (if available in the router settings).
You should also check if security updates are automatic, or do you have to initiate the process manually. Advanced users may even completely replace the router’s default software with dd-wrt open source package.