The Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE has released their findings on security flaws detected in home routers in their “Home Router Security Report 2020”. They tested 127 home routers from seven major manufacturers and almost all of them had security flaws, some of them were extreme.
Peter Weidenbach and Johannes vom Dorp in the Fraunhofer FKIE’s Cyber Analysis & Defense department headed a team that downloaded the latest firmware (as of Mar. 27, 2020) available to customers that had one of the 127 tested routers. The team used the Fraunhofer FKIE’s Firmware Analysis and Comparison Tool to find any issues. The test results showed that none of the routers were free of flaws. Out of the 127 tested routers, 46 of them did not receive any updates within the last 12 months. The most severe case had not obtained a security update for over 5 years.
The FKIE group focused their report on security updates as well as which operating system versions were used. They also looked at how the security flaws affected the version of the operating system used. The Linux operating system was used on over 90% of the tested routers, but it was usually an older version. One of the leaders Johannes vom Dorp commented that “Linux works continuously to close security vulnerabilities in its operating system and to develop new functionalities. Really, all the manufacturers would have to do is install the latest software, but they do not integrate it to the extent that they could and should.”
The FKIE group also reported that “Numerous routers have passwords that are either well known or simple to crack – or else they have hard-coded credentials that users cannot change.”
Cantrell’s Computer Sales & Service is open by appointment only M-F 9am-5pm. To schedule an appointment, call us at 925-827-1200.