1 min read

Lack of basic security features in 28 popular routers points to industry-wide failure, researchers say

Filip TRUȚĂ

January 07, 2019

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Lack of basic security features in 28 popular routers points to industry-wide failure, researchers say

Many popular wireless routers perform very poorly with regards to known, basic safety features, and there is little consistency in terms of security practices even within the models of the same brand, according to a new study.

The Cyber Independent Testing Lab (Cyber-ITL) analyzed 28 routers and access points from different vendors and found “a significant lack of basic security and safety hygiene.”

Security hardening features like DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization), RELRO (RELocation Read-Only), and others were missing, to varying degrees, in all 28 routers.

“The absence of these security features is inexcusable,” said Parker Thompson and Sarah Zatko, the researchers behind the study. “The features discussed in this report are easy to adopt, come with no downsides, and are standard practices in other market segments (such as desktop and mobile software),” they duo added.

Notably, the Linksys WRT32X scored highest, with 100% DEP coverage, 95% RELRO coverage, 82% stack guard coverage, and a much lower 4% ASLR coverage. However, most other routers didn’t even come close to these numbers. The paper (PDF) lists all 28 routers with their specific scores.

“The router with the highest usage of ASLR across binaries was the Linksys e2500 from the first group, with a still extremely poor 9% ASLR. Given that ASLR is an easy safety hygiene feature to accomplish for binary applications, this is a major industry-wide security lapse,” the researchers added.

tags


Author


Filip TRUȚĂ

Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.

View all posts

You might also like

Bookmarks


loader