Your broadband router sits between your home network and the internet. This modest device often goes unnoticed, but it’s your first line of defense against viruses, malware, and hackers.
It’s pretty common for users to make the assumption that the most current firmware for their router provides the necessary protection against cyber threats. So imagine the shock when the latest research discovered that even the most current broadband router firmware is still incredibly vulnerable.
Firmware is the operating system and software that controls the features on your router, from the configuration options to the advanced network security features and the blinking lights. The firmware in your router, like the operating system in your computer, contains thousands of system files, and any of these can contain a security vulnerability.
Just like the software you install on your computer, you need to maintain and frequently update the firmware in order to alleviate security vulnerabilities. The problem is that it has been discovered that even the most current firmware contains security holes.
While testing how secure the devices actually were, we extracted the firmware from the current broadband routers that were available, 37 in total. Then we reverse engineered the firmware so that we could analyze each of the components, like the executable files, system libraries, and operating system. Doing this ensured that we could build an all-inclusive database of devices, software versions, and all the known vulnerabilities.
What was discovered was that 90 percent of the analyzed components were actually more than six years old. In each instance of the firmware, we discovered obsolete software that had security issues that were known, no matter what the release date or who the manufacturer was.
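The kind of component inventory described above can be sketched in a few lines. This is an added example, not the tooling used in the research: the banner formats, function names and release-year lookup are assumptions, and the sample files are constructed.

```python
import os, re, tempfile

# Assumed banner formats; real firmware may embed versions differently.
BANNERS = {
    "busybox": re.compile(rb"BusyBox v(\d+\.\d+(?:\.\d+)?)"),
    "openssl": re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*) "),
    "linux": re.compile(rb"Linux version (\d+\.\d+\.\d+)"),
}

def inventory(rootfs):
    """Walk an unpacked firmware tree and return sorted (component, version) pairs."""
    found = set()
    for dirpath, _, names in os.walk(rootfs):
        for name in names:
            path = os.path.join(dirpath, name)
            # Skip symlinks (they may point outside the tree) and special files.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            for component, rx in BANNERS.items():
                found.update((component, m.group(1).decode()) for m in rx.finditer(data))
    return sorted(found)

def stale(components, release_year, firmware_year, max_age=6):
    """Split components into those older than max_age years and those with no known date."""
    old = [c for c in components if c in release_year and firmware_year - release_year[c] > max_age]
    unknown = [c for c in components if c not in release_year]
    return old, unknown

def demo():
    # Constructed sample: stand-in "binaries" that hold only a version banner.
    files = {
        "bin/busybox": b"\x7fELF\x00BusyBox v1.19.4 (2014-03-01 10:00:00 UTC)\x00",
        "lib/libssl.so": b"\x00OpenSSL 0.9.8e 23 Feb 2007\x00",
        "lib/libcrypto.so": b"\x00OpenSSL 1.0.1e 11 Feb 2013\x00",
        "boot/vmlinux": b"Linux version 2.6.22 (build@host) #1\x00",
    }
    # Analyst-supplied lookup (sample values; check against upstream release notes).
    release_year = {("busybox", "1.19.4"): 2012, ("openssl", "0.9.8e"): 2007,
                    ("linux", "2.6.22"): 2007}
    with tempfile.TemporaryDirectory() as root:
        for rel, blob in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(blob)
        components = inventory(root)
    return components, stale(components, release_year, firmware_year=2015)

if __name__ == "__main__":
    print(demo())
```

Versions missing from the lookup are reported separately instead of being counted as current, so gaps in the release-date data stay visible.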
Old software may not sound like a big deal. However, security experts agree that all developers should start from a solid base, building upon well-maintained and up-to-date software components.
Still, there are far too many people that are not aware of these critical security vulnerabilities that surprisingly were identified more than 10 years ago and are still a problem today. Cyber threats change incredibly fast, and when it comes to them, six months is a long period of time, a couple of years are an eternity, and 10 years… well, we’re sure you get it.
Components that have become obsolete will usually have well-known security issues, and general hacking software and security testing tools wrap the exploits for these issues in simple “point-and-click” interfaces. This is why the older firmware components remain a critical issue and a huge concern.
It’s more than just routers
Firmware powers both Internet of Things (IoT) and smart devices. If this pattern continues, then it isn’t going to be too far in the future when malware is capable of infecting things like fridges that are internet-enabled.
The most recent research has begun to crack open the IoT devices. The first device looked at was a 2015 internet-enabled security camera with 2008 key security components and an operating system that was obsolete.
This is certainly alarming, but in no way did the research indicate that consumer routers were being frequently attacked. Nothing on a larger scale seemed to be happening. However, this does indicate that there is an environment where the frequency and severity of attacks are likely to significantly increase in the near future.
The bottom line is that you can follow superior cyber security practices and yet still not be protected adequately. If you put your trust in the current firmware, assuming it’s providing adequate protection, you could be giving in to a false sense of security. The core workings of the majority of router firmware use open-source software that’s as old as 10 years, and too often this open-source software isn’t actually maintained by professionals but rather by part-time devotees.
It’s very obvious that broadband routers are vulnerable to numerous cyber security threats. The trouble is that currently there is very little motivation for the manufacturers to make their firmware any better. With a lack of accountability and transparency, clueless users, and a market that pays the first to market tenfold, what we get instead of robust improvements in security are things like stylish antennas.
How to protect yourself
The research we conducted isn’t meant to suggest every firmware update is for nothing. The problem is that there appears to be no transparency, and we have no idea what is included in the firmware of our device. The best advice we can give you is to keep your devices up to date at all times.
Using multi-layer defenses like firewalls and virus scanners can also provide better protection. The built-in services in the Windows operating system offer tools like Windows Firewall and Windows Defender. You need to ensure that these services are always kept updated with the most current versions.
You can also take advantage of third-party antivirus software to scan your computer, although sometimes people find it more invasive than beneficial. Third-party products sometimes include programs that are unwanted, such as annoying toolbars that slow down your internet connection or your computer. Make sure to have a look at a number of product reviews before you decide what software you can trust.
Manufacturers are really the only ones who can fix the problem. It will take IT professionals and consumers making demands for increased security, but without additional independent device analysis, a large percentage of individuals will not be in a position to understand security issues or the implications of these security issues, which is why there’s such a need for attention in this area.
There are a number of long-term solutions that will work, and we only hope that the industry and security experts in combination with end-users work together to implement significant security improvements before a mass cyber attack threat becomes a reality.