• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Microcontroller Tips

Microcontroller engineering resources, new microcontroller products and electronics engineering news

  • Products
    • 8-bit
    • 16-bit
    • 32-bit
    • 64-bit
  • Applications
    • Automotive
    • Connectivity
    • Consumer Electronics
    • Industrial
    • Medical
    • Security
  • EE Forums
    • EDABoard.com
    • Electro-Tech-Online.com
  • Videos
    • TI Microcontroller Videos
  • EE Resources
    • DesignFast
    • eBooks / Tech Tips
    • FAQs
    • LEAP Awards
    • Podcasts
    • Webinars
    • White Papers
  • EE Learning Center
    • Design Guides
      • WiFi & the IOT Design Guide
      • Microcontrollers Design Guide
      • State of the Art Inductors Design Guide

Worst suspicions confirmed: The terrible security of internet routers

April 7, 2021 By Lee Teschler

Leland Teschler, Executive Editor
Here’s the latest IoT security nightmare: All of the wireless routers through which most IoT traffic passes are probably vulnerable to botnets and other kinds of security breaches. That’s the conclusion of researchers at Fraunhofer FKIE in Germany who analyzed 127 different routers sold by seven vendors. The routers they examined are sold in Europe, but a quick check reveals many of them have versions available in the U.S.

This is certainly disheartening news for IoT equipment manufacturers doing the equivalent of triple back-flips in the pursuit of designing secure products. The IoT products they’re fielding may be bullet proof, but the routers to which they connect have sold them down the river.

Fraunhofer researchers say every one of the 127 routers they examined had security flaws. They also discovered that 46 of the routersLeeTeschler had received no security updates within the last year. And many of the routers are affected by hundreds of known vulnerabilities. Worse, when security updates were issued, they didn’t fix some of the known problems.

The deeper you delve into the Fraunhofer report, the more discouraging the news. Some routers have easily crackable or obvious passwords that users can’t change. (Like, in the case of the Netgear RAX40 router, admin:password.) And most firmware images expose private cryptographic key material. This means bad actors can just look at the router firmware to defeat widely used public-private crypto mechanisms.

Most of the routers Fraunhofer looked at use the Linux operating system, and security patches for the Linux Kernel are released several times annually. But Fraunhofer found many routers hadn’t received security fixes for more than a year. Twenty two of them hadn’t been updated for two years, and one model had gone more than five years without security patches.

Even more worrying is that many routers use versions of Linux that are wildly out of date. More than a third of the devices use version 2.6.36 or even older. The last security update for 2.6.36 came out in early 2011. Fraunhofer researchers found the oldest kernel in use was version 2.4.20 released in 2002, residing in the Linksys WRT54GL. Interestingly, Google lists a user review rating of 4.6 out of 5 for this router. And if your PC ran a version of Windows that was current when Linux 2.4.20 came out, you would be using Windows XP.

Fraunhofer researchers note there are several mitigation techniques router makers could employ to thwart mischief. But they usually don’t bother to take advantage of all the techniques at their disposal. For example, few router makers use a technique called ReLocation Read-Only (RELRO). RELRO protects the global offset table so attackers can’t redirect function calls to malware routines. Another seldom-used technique called stack canaries stores special byte sequences that get checked periodically to ensure attackers haven’t overwritten memory locations via buffer overflow attacks that affect how programs execute.

And different vendors seem to prioritize security differently. Fraunhofer says modem maker AVM does better than other vendors when it comes to most aspects of security. However, AVM routers are not flawless. Researchers also claim ASUS and Netgear do a better job on some aspects of security than D-Link, Linksys, TP-Link, and Zyxel.

Still, when it comes to modem security, the Fraunhofer report shows the choices range from least worst to terrible.

You may also like:

  • BLE hacks
    Breaking BLE — Vulnerabilities in pairing protocols leave Bluetooth devices…
  • RF won't hurt you
    No, IoT RF radiation won’t cause a pandemic
  • lidar
    A better way to measure LiDAR
  • flash
    Flash memory keeps cars connected

  • Everything you thought you knew about IoT security is wrong

Filed Under: Applications, Connectivity, Consumer Electronics, Featured, IoT, Security Tagged With: commentary

Primary Sidebar

DesignFast

Design Fast Logo
Component Selection Made Simple.

Try it Today
design fast globle

EE Training Center Classrooms

EE Classrooms

CURRENT DIGITAL ISSUE

A frequency you can count on There are few constants in life, but what few there are might include death, taxes, and a U.S. grid frequency that doesn’t vary by more than ±0.5 Hz. However, the certainty of the grid frequency is coming into question, thanks to the rising percentage of renewable energy sources that…

Digital Edition Back Issues

Subscribe to our Newsletter

Subscribe to weekly industry news, new product innovations and more.

Subscribe today

RSS Current EDABoard.com discussions

  • Advice for my disabled son please
  • Very low voltage/power Schmitt trigger?
  • 3D IC Design: Is it possible to stack CPU and FPGA?
  • dc to dc converter sparks when inserting fuse
  • 7 segment display connections

RSS Current Electro-Tech-Online.com Discussions

  • Pet Microchip scan
  • Disabled son needs advice please
  • Modify a digital clamp ammeter ?
  • Confirming whether this circuit will work
  • How does a blinky/flashing ball work?

Footer

Microcontroller Tips

EE World Online Network

  • DesignFast
  • EE World Online
  • EDA Board Forums
  • Electro Tech Online Forums
  • Connector Tips
  • Analog IC Tips
  • Power Electronic Tips
  • Sensor Tips
  • Test and Measurement Tips
  • Wire and Cable Tips
  • 5G Technology World

Microcontroller Tips

  • Subscribe to our newsletter
  • Advertise with us
  • Contact us
  • About us
Follow us on Twitter Add us on Facebook Follow us on YouTube  Follow us on Instagram

Copyright © 2022 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy