Stories
Slash Boxes
Comments

SoylentNews is people

Millions of Home Wi-Fi Routers are Likely Vulnerable to Unpatched Linux Security Exploits

posted by Fnord666 on Tuesday July 07 2020, @02:57PM   Printer-friendly
from the keep-up-to-date-with-updates dept.

chromas writes:

Millions Of Home Wi-Fi Routers Are Likely Vulnerable To Unpatched Linux Security Exploits

If you're reading this article from home, it's likely that you're connected to a consumer-grade Wi-Fi router, either wirelessly or via hard wired Ethernet. And if that's the case, you should probably take this time to upgrade your router's firmware ASAP. That is if an update is even available from the manufacturer.

We say this because the Fraunhofer Institute for Communication (FKIE) in Germany recently performed test of 127 home routers, to probe them for their resistance to security threats. Of the routers the researchers tested, 91 percent of them were found to be running some version of embedded Linux, which isn't surprising.

What was surprising, however, was that the researchers found that not a single router was free of security flaws. In fact, it was discovered that many of these routers were actually susceptible to hundreds of known security vulnerabilities.

Reference:
Peter Weidenbach, Johannes vom Dorp. Home Router Security Report 2020 (pdf), FKIE

Original Submission

 
This discussion has been archived. No new comments can be posted.
Millions of Home Wi-Fi Routers are Likely Vulnerable to Unpatched Linux Security Exploits | Log In/Create an Account | Top | 40 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by RS3 on Tuesday July 07 2020, @04:31PM (5 children)

    by RS3 (6367) on Tuesday July 07 2020, @04:31PM (#1017749)

    But what happens when it doesn't get software/firmware updates?

    Pure fantasy-land, I know, but I dream of a world where something is actually fully debugged and finished before it's shipped. No update needed ever.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by DannyB on Tuesday July 07 2020, @05:54PM (1 child)

    by DannyB (5839) Subscriber Badge on Tuesday July 07 2020, @05:54PM (#1017787) Journal

    But . . . consider things that get updates, and have been around forever . . .
    * car radios and infotainment
    * television sets
    * phones
    * pocket calculators
    * thermostats
    * doorbells
    * pet feeders
    * personal music player devices (with auto-reverse!)

    How could a product ever be made goodfully enough to be fit for sale at the time you buy it?

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.

    • (Score: 2) by RS3 on Tuesday July 07 2020, @07:02PM

      by RS3 (6367) on Tuesday July 07 2020, @07:02PM (#1017822)

      Oh DannyB, you almost got me!! My sarcasm detector was having an afternoon siesta.

      You forgot bidets!! They've been getting hacked by the black ops. What a mess.

      They're just grooming us for the final complete takeover by the machines.

  • (Score: 0) by Anonymous Coward on Tuesday July 07 2020, @06:25PM (1 child)

    by Anonymous Coward on Tuesday July 07 2020, @06:25PM (#1017808)

    Are they done finding all the flaws in 10+ year old hardware (spectre, meltdown)? Once we get secure hardware we can get back to writing a secure OS for it.

    I project finishing this secure OS, maybe with a secure program to run on it, sometime next century. Hope we still have 110AC to run the secure ATX power supply for our secure Pentium.

    • (Score: 3, Interesting) by RS3 on Tuesday July 07 2020, @07:17PM

      by RS3 (6367) on Tuesday July 07 2020, @07:17PM (#1017826)

      It's complicated- not really hardware, but there have been some interesting pure hardware vulnerabilities (Rowhammer, RAMbleed, and a few others that are considered pretty low impact.) Problems are mostly in CPU firmware. You can argue that the hardware allows the vulnerability, but at some point, that's the purpose of hardware- to do the work that the firmware/software instructs it to, right? Do away with all RAM cache, branch prediction, etc., and you'll be much safer, but you'll wish for that old '486 back (which might not be a bad thing at this point...)

      Actually, as I'm typing this on a computer powered by a ~10 year old CPU, Intel isn't bothering to update 10 year old CPUs. What little firmware updates they've released, it's up to the infernal computer / motherboard manufacturers to update BIOS (that can load CPU firmware). I'm not aware of a way to update CPU firmware from Windows (but I'd love to learn if someone knows.)

      Linux kernel loads CPU firmware where/when the updates are available, plus the kernel has many mitigations, but not all.

      Check yours here (for Linux): (SN code made incorrect links of these- leaving off the parameters. Tch tch.)

      # "https://github.com/speed47/spectre-meltdown-checker"
      # "git clone https://github.com/speed47/spectre-meltdown-checker.git" [github.com]
      # or "wget https://meltdown.ovh [meltdown.ovh] -O spectre-meltdown-checker.sh"
      # or "curl -L https://meltdown.ovh [meltdown.ovh] -o spectre-meltdown-checker.sh"

  • (Score: 2) by PiMuNu on Wednesday July 08 2020, @08:57AM

    by PiMuNu (3823) on Wednesday July 08 2020, @08:57AM (#1018110)

    > Pure fantasy-land, I know

    Yes, it is. There has been *no* personal computer made in the last decade without an exploit - thanks to exploits found in Intel et al hardware.