Some router updates fail to protect against known vulnerabilities
Security professionals tracking cybercriminal activity have found that hackers can easily compromise consumer routers by leveraging known vulnerabilities that have not been patched. A recent assessment of the latest router firmware from 14 different vendors has shown there are opportunities galore to hijack devices.
On average, each piece of networking equipment had 172 vulnerabilities, according to the study, carried out by the non-profit organization American Consumer Institute (ACI) on a sample set of 186 Wi-Fi router models. Twelve routers had a critical severity score and 36 were found to have high-risk security issues. These accounted for 28% of all the vulnerabilities found.
ACI found vulnerabilities in the latest firmware updates released on the vendors’ websites for 155 devices, which included routers from popular brands like TP-Link, ASUS, Belkin, D-Link, TRENDnet, Zyxel and Ubiquiti. In total, ACI found 32,003 security problems, all of them in open source components used by makers of Wi-Fi equipment to reduce their costs.
“As vulnerabilities are found in open source code, the numerous router manufacturers may or may not take the necessary steps to patch these vulnerabilities when fixes become available,” said the report. ACI added that code available under the open source license is believed to be more prone to hacking. A reason for this is open access to the source code.
Keeping routers safe from known security weaknesses is a process that involves both consumers and hardware makers. In many cases, even if users want to run the latest update, they have a tough time finding the file. Automated updates ensure delivery to the endpoint, but are ineffective if they fail to mitigate all known security gaps.
The study has found that 31 router models were free of vulnerabilities in open source libraries, but hasn’t named them. Typically, experts recommend consumers choose products from brands that provide security updates on a frequent basis. Avoiding devices with an old release date should also be a selection criterion.
To determine the security state of the smart gadgets in your home, including the router, you can use Home Scanner, a free solution that provides a list of known vulnerabilities currently affecting the systems on your local network.
For active protection against cyber attacks targeting any IoT device connected to your router, Bitdefender BOX is the IoT security solution that blocks exploit attempts. It can also determine irregular traffic and inform the user of the proper action to take.
Image credit: MediaDS