Popular routers contain hundreds of known security flaws

In a German study of more than 100 home routers, researchers found that every single product had one or more known security flaws.

The study, conducted by Fraunhofer Institute for Communication, which assessed the firmware on 127 routers made by seven different brands found that many of the routers had hundreds of flaws.

Even when firmware updates are loaded onto routers, which are opportunities to patch known security flaws, researchers say they often fail to fix known security errors. 

This means that even when customers are doing the right thing by downloading the latest firmware, their  

‘Even if the routers got recent updates, many of these known vulnerabilities were not fixed. What makes matters even worse is that exploit mitigation techniques are used rarely,’ they write. 

‘Some routers have easy crackable or even well known passwords that cannot be changed by the user.’

When firmware updates are rolled out, they’re often infrequent, according to researchers. The worst router assessed only rolled out one firmware update in five years. 

According to the researchers, 90 percent of the routers analyzed, which come from companies like ASUS, Netgear, Linksys, TP-Link and more, used Linux operating systems. 

Researchers say that the updating policy of companies who sell wireless routers lags behind purveyors of software which is usually updated several times every year.

Despite the infrequent updates, they also say that there are means to readily identify vulnerabilities that aren’t being implemented. 

‘Additionally, our evaluation showed that large scale automated security analysis of embedded devices is possible today,’ they write.

‘We used the the Firmware Analysis and Comparison Tool (FACT)1 and it worked very well for almost all firmware images analyzed during this study. FACT is an open source software available on GitHub .’