• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Microcontroller Tips

Microcontroller engineering resources, new microcontroller products and electronics engineering news

  • Products
    • 8-bit
    • 16-bit
    • 32-bit
    • 64-bit
  • Applications
    • 5G
    • Automotive
    • Connectivity
    • Consumer Electronics
    • EV Engineering
    • Industrial
    • IoT
    • Medical
    • Security
    • Telecommunications
    • Wearables
    • Wireless
  • Learn
    • eBooks / Tech Tips
    • EE Training Days
    • FAQs
    • Learning Center
    • Tech Toolboxes
    • Webinars/Digital Events
  • Resources
    • Design Guide Library
    • DesignFast
    • LEAP Awards
    • Podcasts
    • White Papers
  • Videos
    • EE Videos & Interviews
    • Teardown Videos
  • EE Forums
    • EDABoard.com
    • Electro-Tech-Online.com
  • Engineering Training Days
  • Advertise
  • Subscribe

April 2021 Special Edition: Internet of Things Handbook 2021

April 7, 2021 By dmiyares

Worst suspicions contirmed: The terrible security of internet routers

Here’s the latest IDT security nightmare: All of the wireless routers through which most loT traffic passes are probably vul­nerable to botnets and other kinds of security breaches. That’s the conclusion of researchers at Fraunhofer FKIE in Germany who analyzed 127 different routers sold by seven vendors. The routers they examined are sold in Europe, but a quick check reveals many of them have versions available in the U.S.

This is certainly disheartening news for loT equipment manufacturers doing the equivalent of triple back-flips in the pursuit of designing secure products. The loT products they’re fielding may be bullet proof, but the routers to which they connect have sold them down the river.

Fraunhofer researchers say every one of the 127 routers they examined had security flaws. They also discovered that 46 of the routers had received no security updates within the last year. And many of the routers are affected by hundreds of known vulnerabilities. Worse, when security updates were issued, they didn’t fix some of the known problems.

The deeper you delve into the Fraunhofer report, the more discouraging the news. Some routers have easily crackable or obvious passwords that users can’t change. (Like, in the case of the Netgear RAX40 router, admin:password.) And most firmware images expose private cryptographic key material. This means bad actors can just look at the router firmware to defeat widely used public-private crypto mechanisms.

Most of the routers Fraunhofer looked at use the Linux operating system, and security patches for the Linux Kernel are released several times annually. But Fraunhofer found many routers hadn’t received security fixes for more than a year. Twenty two of them hadn’t been updated for two years, and one model had gone more than five years without security patches.

Even more worrying is that many routers use versions of Linux that are wildly out of date. More than a third of the devices use version 2.6.36 or even older. The last security update for 2.6.36 came out in early 2011 . Fraunhofer researchers found the oldest kernel in use was version 2.4.20 released in 2002, residing in the Linksys WRT54GL. Interestingly, Google lists a user review rating of 4.6 out of 5 for this router. And if your PC ran a version of Windows that was current when Linux 2.4.20 came out, you would be using Windows XP. Fraunhofer researchers note there are several mitigation techniques router makers could employ to thwart mischief. But they usually don’t bother to take advantage of all the techniques at their disposal. For example, few router makers use a technique called Relocation Read-Only (RELRO). RELRO protects the global offset table so attackers can’t redirect function calls to malware routines. Another seldom-used technique called stack canaries stores special byte sequences that get checked periodically to ensure attackers haven’t overwritten memory locations via buffer overflow attacks that affect how programs execute. And different vendors seem to prioritize security differently. Fraunhofer says modem maker AVM does better than other vendors when it comes to most aspects of security. However, AVM routers are not flawless. Researchers also claim ASUS and Netgear do a better job on some aspects of security than D-Link, Linksys, TP-Link, and Zyxel.

Still, when it comes to modem security, the Fraunhofer report shows the choices range from least worst to terrible.

Leland Teschler
Executive Editor

Filed Under: Digital Edition Back Issue

Primary Sidebar

Featured Contributions

Five challenges for developing next-generation ADAS and autonomous vehicles

Securing IoT devices against quantum computing risks

RISC-V implementation strategies for certification of safety-critical systems

What’s new with Matter: how Matter 1.4 is reshaping interoperability and energy management

Edge AI: Revolutionizing real-time data processing and automation

More Featured Contributions

EE TECH TOOLBOX

“ee
Tech Toolbox: 5G Technology
This Tech Toolbox covers the basics of 5G technology plus a story about how engineers designed and built a prototype DSL router mostly from old cellphone parts. Download this first 5G/wired/wireless communications Tech Toolbox to learn more!

EE Learning Center

EE Learning Center

EE ENGINEERING TRAINING DAYS

engineering
“bills
“microcontroller
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest info on technologies, tools and strategies for EE professionals.

DesignFast

Design Fast Logo
Component Selection Made Simple.

Try it Today
design fast globle

Footer

Microcontroller Tips

EE World Online Network

  • 5G Technology World
  • EE World Online
  • Engineers Garage
  • Analog IC Tips
  • Battery Power Tips
  • Connector Tips
  • DesignFast
  • EDA Board Forums
  • Electro Tech Online Forums
  • EV Engineering
  • Power Electronic Tips
  • Sensor Tips
  • Test and Measurement Tips

Microcontroller Tips

  • Subscribe to our newsletter
  • Advertise with us
  • Contact us
  • About us

Copyright © 2025 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy