Nearly 90% of routers contain vulnerable code

Share this…

Five out of six brand routers such as Linksys, NETGEAR, and D-Link, contain known open-source vulnerabilities

Experts in digital forensics report an exorbitant figure regarding to the use of domestic and organizational tasks routers, since 83% of these devices contain vulnerabilities that could be exploited to deploy numerous cyberattacks. Of vulnerable routers, more than a quarter contain critical and high-risk vulnerabilities, according to a report published this week by the American Consumer Institute (ACI).

The study examined 186 WiFi routers from 13 different manufacturers, including Linksys, Belkin, NETGEAR and D-Link, Market Leaders. “If known security failures are not resolved, consumer devices are vulnerable to their data being compromised, resulting in malicious activity, identity theft, fraud, and espionage”, say digital forensics specialists from the International Institute of Cyber Security.

Researchers believe open source libraries are one of the leading causes of security failures in router firmware. “Hackers point to hardware parts as routers, because companies usually stop launching updates for their firmware”.

The limited release of update patches for routers is a systemic problem that affects most consumers and vendors.

“Vulnerability correction is partly in the hands of consumers who need to do know their situation and install firmware updates”, says a section of the report. “In addition, manufacturers often do not provide accessible ways for consumers to upgrade their devices’ firmware or, in the worst cases, companies come to consider creating security protocols on their devices as an unnecessary expense, at least until this generates undesirable consequences”.

This report by experts in digital forensics for the ACI suggests that router vendors create a lot of problems that consumers have to deliver to maintain the security of their devices. “Sometimes, access to firmware upgrades requires consumers to pre-register their products with manufacturers, while other updates are not available online, and other times the older routers are not compatible at all with these protection measures”.

According to the report, of the 186 routers surveyed, only 17% were vulnerability-free. On average, each router contained 172 vulnerabilities, according to the experts in charge of the investigation. The report mentions that 7% of the vulnerabilities were classified as critical, according to the classification of the National Institute of Standards and Technology (NIST). The report found that 21% of the routers’ vulnerabilities were rated as high-risk, 60% average risk, and 12% low-risk.

Researchers believe that providers are failing to protect consumers and need to do a better job not just by patching their firmware, but by taking better security measures more stringent.

“We want these electronic devices to be free of security flaws, and we want user data to remain secure, cannot be corrupted, and of course cannot be distributed without the owner’s permission”, the specialists mentioned.