An investigation by the Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE) has identified serious security deficiencies in Internet routers for private users. The gaps ranged from missing security updates and easy-to-guess passwords – for example “password” – that could not be changed by the user to well-known vulnerabilities that should have been fixed long ago.
–
According to the conclusion, not a single router among the 127 devices examined by seven manufacturers was without errors the investigation. Some are even affected by hundreds of well-known vulnerabilities. The researchers often searched in vain for four of the five most common protection mechanisms against attacks.
In the past 12 months, the investigation showed that 46 routers have not received a single security update, one for 2000 days. AVM did the best, followed by Asus and Netgear.
Stiftung Warentest is less pessimistic
Most of the time (90 percent) versions of the free Linux operating system would be used on the routers, but these are often outdated. Linux is known for the fact that security gaps are quickly closed, the researchers emphasize. The manufacturers would only have to quickly install the current software – which, however, usually does not happen.
–
At first glance, this coincides with the youngest Findings from the Stiftung Warentestwho tested eight routers in May. Only three of them received security updates automatically and regularly. However, the foundation did not find any massive security gaps that could have been exploited from a distance. Three WLAN routers even offer “very good security functions”.
The FKIE researchers, on the other hand, draw a grim conclusion: “Much more needs to be done to make routers as secure as today’s desktop computers or server systems”.
–
