Over 100 Wi-Fi Routers Fail Major Security Test -- Protect Yourself Now

'Tom's Guide:
Using its own analytical software, the [Fraunhofer Institute] tested the most recently available firmware for 117 home Wi-Fi models currently sold in Europe, including routers from ASUS, D-Link, Linksys, Netgear, TP-Link, Zyxel and the small German brand AVM. The models themselves were not physically tested. A full list of the tested models and firmware is on GitHub. The institute was not able to examine the firmware of 10 more models, mostly from Linksys. The report notes (PDF) that many firmware updates are issued without fixing known flaws.
So what can you do? You can make sure that the next router you buy automatically installs firmware updates. You can check to see whether your current router does so, or makes it fairly easy to install firmware updates manually. You should also make sure that the administrative password for your router has been changed from the factory default password. (Check the list of default passwords at https://www.routerpasswords.com.) You should also check its administrative interface to make sure that UPnP and remote access are disabled. And if your router was first released more than 5 years ago, consider buying a newer model unless it meets all of the above criteria. Alternatively, you could try to "flash" your older router to run more secure open-source router firmware such as OpenWrt, DD-WRT or Tomato.
"The worst case regarding high severity CVEs [widely known flaws] is the Linksys WRT54GL powered by the oldest kernel found in our study," the report said, noting that this model uses the 2.4.20 kernel from 2002. "There are 579 high severity CVEs affecting this product."
"That particular model last had its firmware updated in January 2016, one of the oldest firmwares in the study," adds Tom's Guide. "The Linksys WRT54GL was first released in 2005 and is still sold today, even though it handles Wi-Fi protocols only up to 802.11g. However, the WRT54G series is possibly the best-selling family of Wi-Fi routers ever..."'
-- source: https://mobile.slashdot.org/story/20/07/08/2058240
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/

Interestingly, 2degrees could take a bow with this. They issue their customers with AVM's Fritz!Box routers, which came up in those tests as the best of a bad bunch.
D

On 9/07/20 1:02 pm, Peter Reutemann wrote:
> 'Tom's Guide:
> Using its own analytical software, the [Fraunhofer Institute] tested the most recently available firmware for 117 home Wi-Fi models currently sold in Europe, including routers from ASUS, D-Link, Linksys, Netgear, TP-Link, Zyxel and the small German brand AVM. The models themselves were not physically tested. A full list of the tested models and firmware is on GitHub. The institute was not able to examine the firmware of 10 more models, mostly from Linksys. The report notes (PDF) that many firmware updates are issued without fixing known flaws.
> So what can you do? You can make sure that the next router you buy automatically installs firmware updates. You can check to see whether your current router does so, or makes it fairly easy to install firmware updates manually. You should also make sure that the administrative password for your router has been changed from the factory default password. (Check the list of default passwords at https://www.routerpasswords.com.) You should also check its administrative interface to make sure that UPnP and remote access are disabled. And if your router was first released more than 5 years ago, consider buying a newer model unless it meets all of the above criteria. Alternatively, you could try to "flash" your older router to run more secure open-source router firmware such as OpenWrt, DD-WRT or Tomato.
> "The worst case regarding high severity CVEs [widely known flaws] is the Linksys WRT54GL powered by the oldest kernel found in our study," the report said, noting that this model uses the 2.4.20 kernel from 2002. "There are 579 high severity CVEs affecting this product."
> "That particular model last had its firmware updated in January 2016, one of the oldest firmwares in the study," adds Tom's Guide. "The Linksys WRT54GL was first released in 2005 and is still sold today, even though it handles Wi-Fi protocols only up to 802.11g. However, the WRT54G series is possibly the best-selling family of Wi-Fi routers ever..."'
> -- source: https://mobile.slashdot.org/story/20/07/08/2058240
> Cheers, Peter

On Thu, 9 Jul 2020 14:21:41 +1200, David McNab wrote:
> Interestingly, 2degrees could take a bow with this. They issue their customers with AVM's Fritz!Box routers, which came up in those tests as the best of a bad bunch.

I remember that name, “Fritz!Box”, from many years ago, as being one of the early versatile NAS/multimedia/multifunction boxes. Linux-based, I believe. German-made, you can tell.

participants (3)
- David McNab
- Lawrence D'Oliveiro
- Peter Reutemann