[WOW] 32,003 Router Vulnerabilities Found
A nonprofit consumer advocacy group looked at 186 SOHO (small office/home office) WiFi routers from 14 U.S. vendors and found 83% of them were running outdated firmware whose vulnerabilities are public knowledge, leaving the routers and their users vulnerable to hacking attacks. Is yours on the hit list? Here's what you need to know...
New Study: 5 out of 6 Consumer Routers Are Inadequately Secured
The American Consumer Institute (ACI) compared each router’s firmware version to public databases of known vulnerabilities. “In total, there was a staggering number of 32,003 known vulnerabilities found in the sample,” ACI reported in its end-of-September publication.
Of the 186 routers studied, 155 of them (83%) were vulnerable to known exploits. The analysis revealed “an average 186 vulnerabilities per router for the identified routers,” the ACI analysts reported. Wow, that's a lot of attack vectors -- so how bad is it really?
More than one-quarter of the 32,003 vulnerabilities are deemed “critical” or “high risk,” meaning they can be exploited to give an attacker complete access to all devices served by a router, as well as giving the attacker complete control over the router itself.
Open-source software libraries were identified as one of the major sources of vulnerabilities. In their endless quest to reduce costs, vendors use and reuse open-source software that may be old and weakly supported, if at all. Vulnerabilities in these open-source components are cumulative, leading to the staggeringly high numbers of vulnerabilities per router firmware package studied.
The industry-wide dearth of automatic updates is another source of firmware vulnerability, the study’s authors found. Router firmware seldom gets updated until a major security breach is reported. Even then, relying on laypersons to manually download and install firmware updates ensures that many critical updates are not widely installed.
Most people are justifiably afraid of “bricking” their routers by attempting to update the firmware. (Bricking is a tech term that means "rendered useless." ) Vendors do little to alleviate this fear by providing software or human guidance through the often tricky process of updating a firmware package. Some vendors even discourage users from updating firmware even when the vendor knows, or should know that a critical vulnerability exists.
Self-Updating Routers to the Rescue
A single compromised router can become a weapon of mass destruction in the hands of hackers. It can deliver millions of spam emails, spread malware like wildfire, and infect every other vulnerable router through which its traffic passes. Multiply that dreadful vision by a few million vulnerable routers and you may not sleep very well tonight.
"Keeping firmware patched for known online threats may be an expense for manufacturers, but not doing so leaves consumers to collectively bear the burden of potentially much higher costs from cybercrime," ACI experts said.
The best you can do is remember, when you next buy a router, to insist on one that automatically updates its firmware. Self-updating routers will become the industry norm, but that may take several years as low-end vendors continue to save money at the expense of every user who buys or connects to one of their vulnerable routers. Only by refusing to buy routers that don’t self-update can consumers and businesses force the vendors to spend the money necessary to make them self-updating.
If you want to replace your router with a top-notch auto-updating model, see my article Does Your Router Auto-Update? (it should...).
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 5 Oct 2018
|For Fun: Buy Bob a Snickers.|
Grab October Windows 10 Update Now Or Wait?
The Top Twenty
[FAKE] When Your Friend is Not Your Friend
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- [WOW] 32,003 Router Vulnerabilities Found (Posted: 5 Oct 2018)
Copyright © 2005 - Bob Rankin - All Rights Reserved