Millions Of Home Wi-Fi Routers Are Likely Vulnerable To Unpatched Linux Security Exploits
If you're reading this article from home, it's likely that you're connected to a consumer-grade Wi-Fi router, either wirelessly or via hard wired Ethernet. And if that's the case, you should probably take this time to upgrade your router's firmware ASAP. That is if an update is even available from the manufacturer.
We say this because the Fraunhofer Institute for Communication (FKIE) in Germany recently performed test of 127 home routers, to probe them for their resistance to security threats. Of the routers the researchers tested, 91 percent of them were found to be running some version of embedded Linux, which isn't surprising.
What was surprising, however, was that the researchers found that not a single router was free of security flaws. In fact, it was discovered that many of these routers were actually susceptible to hundreds of known security vulnerabilities.
Reference:
Peter Weidenbach, Johannes vom Dorp. Home Router Security Report 2020 (pdf), FKIE
(Score: 2) by RS3 on Tuesday July 07 2020, @04:31PM (5 children)
Pure fantasy-land, I know, but I dream of a world where something is actually fully debugged and finished before it's shipped. No update needed ever.
(Score: 2) by DannyB on Tuesday July 07 2020, @05:54PM (1 child)
But . . . consider things that get updates, and have been around forever . . .
* car radios and infotainment
* television sets
* phones
* pocket calculators
* thermostats
* doorbells
* pet feeders
* personal music player devices (with auto-reverse!)
How could a product ever be made goodfully enough to be fit for sale at the time you buy it?
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by RS3 on Tuesday July 07 2020, @07:02PM
Oh DannyB, you almost got me!! My sarcasm detector was having an afternoon siesta.
You forgot bidets!! They've been getting hacked by the black ops. What a mess.
They're just grooming us for the final complete takeover by the machines.
(Score: 0) by Anonymous Coward on Tuesday July 07 2020, @06:25PM (1 child)
Are they done finding all the flaws in 10+ year old hardware (spectre, meltdown)? Once we get secure hardware we can get back to writing a secure OS for it.
I project finishing this secure OS, maybe with a secure program to run on it, sometime next century. Hope we still have 110AC to run the secure ATX power supply for our secure Pentium.
(Score: 3, Interesting) by RS3 on Tuesday July 07 2020, @07:17PM
It's complicated- not really hardware, but there have been some interesting pure hardware vulnerabilities (Rowhammer, RAMbleed, and a few others that are considered pretty low impact.) Problems are mostly in CPU firmware. You can argue that the hardware allows the vulnerability, but at some point, that's the purpose of hardware- to do the work that the firmware/software instructs it to, right? Do away with all RAM cache, branch prediction, etc., and you'll be much safer, but you'll wish for that old '486 back (which might not be a bad thing at this point...)
Actually, as I'm typing this on a computer powered by a ~10 year old CPU, Intel isn't bothering to update 10 year old CPUs. What little firmware updates they've released, it's up to the infernal computer / motherboard manufacturers to update BIOS (that can load CPU firmware). I'm not aware of a way to update CPU firmware from Windows (but I'd love to learn if someone knows.)
Linux kernel loads CPU firmware where/when the updates are available, plus the kernel has many mitigations, but not all.
Check yours here (for Linux): (SN code made incorrect links of these- leaving off the parameters. Tch tch.)
# "https://github.com/speed47/spectre-meltdown-checker"
# "git clone https://github.com/speed47/spectre-meltdown-checker.git" [github.com]
# or "wget https://meltdown.ovh [meltdown.ovh] -O spectre-meltdown-checker.sh"
# or "curl -L https://meltdown.ovh [meltdown.ovh] -o spectre-meltdown-checker.sh"
(Score: 2) by PiMuNu on Wednesday July 08 2020, @08:57AM
> Pure fantasy-land, I know
Yes, it is. There has been *no* personal computer made in the last decade without an exploit - thanks to exploits found in Intel et al hardware.