Check your router now - it could be a huge Linux security risk

(Image credit: Shutterstock)

Many of the most popular home routers available to buy today feature a worrying number of security flaws and vulnerabilities, new research has found.

A report from Fraunhofer Institute for Communication (FKIE) discovered that the firmware present in a large number of leading routers was susceptible to hugely damaging security issues.

Many routers were found to never have received a single security firmware update in their lifetime, despite the risk that this could pose to users at home and at work, and were vulnerable to hundreds of well-known security issues.

Linux security

The FKIE study looked at 127 home routers from seven brands (Netgear, ASUS, AVM, D-Link, Linksys, TP-Link and Zyxel), examining the product firmware for any known security vulnerabilities.

46 of the products it tested had not received any kind of security update within the past 12 months, with some vendors shipping firmware updates without fixing known vulnerabilities, and one set of products not seeing a firmware update for more than five years.

"The update policy of router vendors is far behind the standards as we know it from desktop or server operating systems," the FKIE noted in its report, calling for an industry-wide push to improve router security as a whole.

"Numerous routers have passwords that are either well known or simple to crack – or else they have hard-coded credentials that users cannot change." 

FKIE found that almost all (90%) of the routers were running some form of Linux operating system, however the manufacturers were failing to update this software with the latest patches and fixes, leaving the devices open to attack.

"Linux works continuously to close security vulnerabilities in its operating system and to develop new functionalities. Really, all the manufacturers would have to do is install the latest software, but they do not integrate it to the extent that they could and should," Johannes vom Dorp, part of the team at FKIE's Cyber Analysis & Defense department said.  

"Most of the devices are powered by Linux and security patches for Linux kernel and other open-source software are released several times a year. This means the vendors could distribute security patches to their devices far more often, but they do not."

Via ZDNet

TOPICS
Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Latest in Security
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
person at a computer
Infamous ransomware hackers reveal new tool to brute-force VPNs
person at a computer
Many workers are overconfident at spotting phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Data Breach
Thousands of healthcare records exposed online, including private patient information
Latest in News
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments
Nintendo Switch 2
Nintendo Switch 2 expected to have AI upscaling and I can't wait to finally play Tears of the Kingdom with upgraded graphics
PowerColor Red Devil AMD RX 9070 XT graphics card shown side-on
Your next GPU could be from AMD, not Nvidia, if Team Red’s success with PC gamers continues