Expensive Wi-Fi routers may have security flaws - what to do here

An analysis by German security research firm IoT-Inspector and German technology magazine CHIP found that even the most highly rated Wi-Fi routers with the latest firmware have security flaws.

The researchers examined nine models on CHIP's "Best Routers" list. Two models were from German router manufacturer AVM's FritzBox line, and one each from Asus, D-Link, Edimax, Linksys, Netgear, Synology, and TP-Link. (Synology and TP-Link had the most vulnerabilities, with 30 and 32 vulnerabilities, respectively.)

Florian Lukavsky, CEO of IoT-Inspector, said in a blog post, "This test negatively exceeded all expectations for secure small business and home routers. While not all vulnerabilities are equally critical, at the time of testing, all devices showed significant security vulnerabilities that could make a hacker's life much easier."

According to the CHIP report (in German), the flaws include multimedia and VPN software known to be vulnerable, older versions of the Linux kernel, older software such as the BusyBox Linux distribution commonly used in routers, hard-coded administrative passwords, and default administrative passwords that were either too simple or widely known.

In all, 226 known software vulnerabilities were found across the nine Wi-Fi router models and reported by IoT-Inspector and CHIP to the router manufacturers. All but AVM have responded positively and have issued or will soon issue firmware updates that fix at least some of the high- and medium-risk flaws.

This story was previously reported by Bleeping Computer.

Router manufacturers use similar firmware for most of their current models, so if you own a recent router of any of the brands listed below, you are advised to update your firmware, even if yours is not the exact same model. (In fact, Netgear patched 35 different models earlier this week, but this was for an unrelated security issue.)

The Wi-Fi routers studied include:

The Asus, D-Link, Netgear, and TP-Link models are high-end gaming routers, while the AVM FritzBoxes are gateway-modem/router combinations widely used in German-speaking countries.

In each case, IoT-Inspector tested the latest firmware available at the time. Tom's Guide reviewed three of these routers, giving the Asus 4.5/5 stars, the TP-Link 4/5 stars, and the Linksys 3.5/5 stars.

All or most of these routers are new enough and expensive enough that they should support automatic firmware updates. If you own one of these models, or a similar one from the same brand, go to the router's management interface and make sure automatic updates are enabled. (However, older or less expensive models are not without security flaws.)

The flaws in this latest report will not be the last ones found in your router model, so it is best to leave automatic updates on.

If automatic updates are not available or you do not want to enable them, use the administration interface to check for new updates and install them from the interface. All decent routers manufactured in the past few years should be able to do that.

With older Wi-Fi routers, things are more difficult. You may have to go to the manufacturer's website, search for the firmware update support page, download the update to your PC or Mac (or Linux box), and manually load the update into the router via an Ethernet cable. Once you get used to it, it's easy.

In any case, if your router is more than five years old, we suggest checking the manufacturer's website to see if firmware updates are still available. If not, it's time to get a new router - or if you're technically inclined, "flash" it with open-source router firmware such as DD-WRT, OpenWrt or Tomato.

If your Wi-Fi router is more than 10 years old, it is probably no longer supported.

And as always, with all routers, the first thing you want to do is change the default admin password. A default password is the easiest way for hackers to attack your router.

Once in the management interface, disable remote access so that no one can operate it from outside the network. You will also want to disable the convenient but unnecessarily insecure Universal Plug and Play (UPnP) and Wi-Fi Protected Setup (WPS) features if the router has them.

However, the question remains as to how serious these perceived flaws are. Physically testing routers for security flaws is both time-consuming and expensive, and each major router manufacturer produces more than 10 models at any given time, each of which receives its own firmware updates on a regular basis.

Therefore, to save time, money, and their own sanity, security researchers often analyze the firmware and operating systems of routers rather than the routers themselves. That is still time-consuming, but the process can be automated.

For example, IoT-Inspector is the name of a research firm and also of a computer program the firm developed itself. The program can run through the firmware of a router in 15 minutes and output a 300+ page report on each model, CHIP notes.

However, such "static analysis" is flawed; even CHIP admits that known vulnerabilities in the firmware are not always exploitable.

Similarly, running an older Linux kernel does not necessarily mean that there are more vulnerabilities, but CHIP claims that it is strongly correlated with the presence of other firmware flaws.

The latest stable Linux kernel is 5.15, but Android 11 and Android 12 run Linux kernels dating back to 4.14, and there are tens of thousands of servers worldwide that are happily and (presumably) safely running Linux on even older kernels.
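An added example, not code from CHIP, IoT-Inspector or the original article: a static check of the kind described above, run over an unpacked firmware tree. The version thresholds, the assumption that the tree root is the filesystem root, and the sample files are all constructed for illustration; each hit is a lead to verify on the device, which is the false-positive caveat in code form.

```python
import re
import tempfile
from pathlib import Path

# Version banners that the kernel and BusyBox embed in their binaries.
KERNEL_RE = re.compile(rb"Linux version (\d+)\.(\d+)")
BUSYBOX_RE = re.compile(rb"BusyBox v(\d+)\.(\d+)\.(\d+)")

def scan_firmware(root, min_kernel=(4, 14), min_busybox=(1, 30, 0)):
    """Return (kind, path, detail) leads from an unpacked firmware tree.
    Thresholds are illustrative assumptions. Every hit is a lead to verify
    on the device, not proof of an exploitable flaw."""
    root, leads = Path(root), []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel, data = path.relative_to(root).as_posix(), path.read_bytes()
        m = KERNEL_RE.search(data)
        if m and tuple(map(int, m.groups())) < min_kernel:
            leads.append(("old-kernel", rel, ".".join(g.decode() for g in m.groups())))
        m = BUSYBOX_RE.search(data)
        if m and tuple(map(int, m.groups())) < min_busybox:
            leads.append(("old-busybox", rel, ".".join(g.decode() for g in m.groups())))
        if rel in ("etc/passwd", "etc/shadow"):  # assumes root is the filesystem root
            for line in data.decode(errors="replace").splitlines():
                fields = line.split(":")
                if len(fields) < 2 or fields[1] == "x" or fields[1][:1] in ("!", "*"):
                    continue  # malformed, deferred to shadow, or locked account
                kind = "baked-in-password-hash" if fields[1] else "empty-password"
                leads.append((kind, rel, fields[0]))
    return leads

def demo():
    """Build a constructed sample tree (not a real firmware image) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {
            "boot/vmlinux": b"\x7fELF\x00Linux version 3.10.14 (constructed sample)\x00",
            "bin/busybox": b"\x7fELF\x00BusyBox v1.19.4 multi-call binary\x00",
            "etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
            "etc/shadow": b"root:$1$CONSTRUCTED$notarealhash:0:0:99999:7:::\nnobody:*:0:0:99999:7:::\n",
        }
        for name, content in files.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)
        return scan_firmware(tmp)

if __name__ == "__main__":
    for lead in demo():
        print(lead)
```

A version banner only says which release was built; vendors often backport fixes, so an "old-kernel" or "old-busybox" lead still has to be checked against the patches actually applied.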

The previous description of Linux is not accurate.

As noted above, AVM is the only router manufacturer that has responded negatively to vulnerability reports. The company, which has a reputation for quickly fixing security flaws, questioned static code analysis and told CHIP that there are too many false positives with such an approach and that the old Linux kernel does not always lead to security flaws.

"It doesn't matter how old the kernel is, it matters if the kernel contains vulnerabilities related to the router's core operation," AVM told CHIP in German.
