Researchers examined 127 end-user router models for security vulnerabilities – and found what they found in each individual model. After all, one manufacturer clearly did the best in comparison.
Security researchers from the Fraunhofer Institute for Communication, Information Processing and Ergonomics have investigated a total of 127 router models for private users from seven major manufacturers represented in Europe for security gaps. Unfortunately, none of the tested models were free from weaknesses.
In their investigation, the researchers focused primarily on a few key questions, such as how often a device receives updates, what intrusion protection manufacturers use, or whether permanently installed access data could pose a security vulnerability.
The researchers are alarmed by the results
The results are sometimes alarming, according to the researchers: 46 routers have not received any security updates in the past year, and many routers have been affected by hundreds of known security vulnerabilities. Defense mechanisms would hardly be used and, moreover, easy to crack or even known passwords would be permanently built into some models without the user being able to change them. Another major problem is that many devices use an older Linux version as the operating system. Most devices still use Linux kernel 2.6, which has not been maintained for years.
It is clear that manufacturers prioritize the topic of safety very differently. In particular, the Berlin company AVM – manufacturer of the FritzBox router – outperforms its competitors in most security aspects here. However, AVM’s routers are not completely error-free. In addition, ASUS and Netgear routers are at least superior to those of the manufacturers D-Link, Linksys, TP-Link and Zyxel in some security-relevant areas.
In general, however, none of the tested routers in all areas could be considered completely safe. Manufacturers should put in a lot more effort so that home devices are as secure as those for servers.