Millions Of Home Wi-Fi Routers Are Likely Vulnerable To Unpatched Linux Security Exploits
If you're reading this article from home, it's likely that you're connected to a consumer-grade Wi-Fi router, either wirelessly or via hard wired Ethernet. And if that's the case, you should probably take this time to upgrade your router's firmware ASAP. That is if an update is even available from the manufacturer.
We say this because the Fraunhofer Institute for Communication (FKIE) in Germany recently performed test of 127 home routers, to probe them for their resistance to security threats. Of the routers the researchers tested, 91 percent of them were found to be running some version of embedded Linux, which isn't surprising.
What was surprising, however, was that the researchers found that not a single router was free of security flaws. In fact, it was discovered that many of these routers were actually susceptible to hundreds of known security vulnerabilities.
Reference:
Peter Weidenbach, Johannes vom Dorp. Home Router Security Report 2020 (pdf), FKIE
(Score: 3, Interesting) by RS3 on Tuesday July 07 2020, @07:17PM
It's complicated- not really hardware, but there have been some interesting pure hardware vulnerabilities (Rowhammer, RAMbleed, and a few others that are considered pretty low impact.) Problems are mostly in CPU firmware. You can argue that the hardware allows the vulnerability, but at some point, that's the purpose of hardware- to do the work that the firmware/software instructs it to, right? Do away with all RAM cache, branch prediction, etc., and you'll be much safer, but you'll wish for that old '486 back (which might not be a bad thing at this point...)
Actually, as I'm typing this on a computer powered by a ~10 year old CPU, Intel isn't bothering to update 10 year old CPUs. What little firmware updates they've released, it's up to the infernal computer / motherboard manufacturers to update BIOS (that can load CPU firmware). I'm not aware of a way to update CPU firmware from Windows (but I'd love to learn if someone knows.)
Linux kernel loads CPU firmware where/when the updates are available, plus the kernel has many mitigations, but not all.
Check yours here (for Linux): (SN code made incorrect links of these- leaving off the parameters. Tch tch.)
# "https://github.com/speed47/spectre-meltdown-checker"
# "git clone https://github.com/speed47/spectre-meltdown-checker.git" [github.com]
# or "wget https://meltdown.ovh [meltdown.ovh] -O spectre-meltdown-checker.sh"
# or "curl -L https://meltdown.ovh [meltdown.ovh] -o spectre-meltdown-checker.sh"