News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Home router warning: They’re riddled with known flaws

    Posted on CADesertRat Comment on the AskWoody Lounge

    Home Forums Networking – routers, firewalls, network configuration Home router warning: They’re riddled with known flaws

    • This topic has 17 replies, 13 voices, and was last updated 1 month ago.
    Viewing 7 reply threads
    • Author
      Posts
      • #2278017 Reply
        CADesertRat
        AskWoody Plus

        This is pretty sobering news!

        https://www.zdnet.com/article/home-router-warning-theyre-riddled-with-known-flaws-and-run-ancient-unpatched-linux/

         

        Germany’s Fraunhofer Institute for Communication (FKIE) has carried out a study involving 127 home routers from seven brands to check for the presence of known security vulnerabilities in the latest firmware. The results are appalling.

        The FKIE study found that 46 routers hadn’t got a single security update within the past year and that many routers are affected by hundreds of known vulnerabilities.

        It also found that vendors are shipping firmware updates without fixing known vulnerabilities, meaning that even if a consumer installs the latest firmware from a vendor, the router would still be vulnerable.

        Don't take yourself so seriously, no one else does 🙂
        4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

        6 users thanked author for this post.
      • #2278030 Reply
        Microfix
        AskWoody MVP

        It also found that vendors are shipping firmware updates without fixing known vulnerabilities

        hmm..why doesn’t that old repeated revelation surprise me.
        The onus should be on ISP’s to protect snoop their customers as well as the manufacturers. This area of computing has been neglected for years and should be first and foremost, as it’s THE hardware portal to the World Wild Web from your device. /facepalm

        | Win8.1 Pro x64 | Linux Hybrids x86/x64 | Win7 Pro x86/x64 Offline |
        3 users thanked author for this post.
        • #2278050 Reply
          Cybertooth
          AskWoody Plus

          Other than installing a BIOS update, installing a router update (assuming they are ever issued) is the scariest white-knuckle process I can think of in terms of maintaining my office computing setup. If a BIOS update goes badly, the PC can get bricked. And if the router update goes badly, then all my PCs lose access to the Internet.

          I’m open to suggestions for performing a router update safely, preferably with a way to undo things if the attempt messes up the device.

           

          3 users thanked author for this post.
          • #2278055 Reply
            Microfix
            AskWoody MVP

            Last time I did a router update, I had the router completely disconnected from the internet and with the router ethernet connected to my netbook (my safe goto for this kinda stuff), I backed up the router/isp settings then updated the router with the firmware that was previously downloaded which inturn required a router reboot.
            (cold sweaty moment on reboot)

            Once rebooted and successful 🙂 I re-introduced the saved ini ISP/Settings to the router, checked over the settings and reconnected to the internet. job done.

            ONE thing I do not like about this, that I think should be an industry standard, is there is no facility to save the previous router firmware as a failsafe, for re-introduction, should anything go wrong.(as there used to be with old PC bios firmware updates)

            | Win8.1 Pro x64 | Linux Hybrids x86/x64 | Win7 Pro x86/x64 Offline |
            5 users thanked author for this post.
            • #2278785 Reply
              anonymous
              Guest

              Confirming that your freshly configured or upgraded (sometimes downgraded) router can export the new settings is one task to do before logging out.

          • #2278066 Reply
            Ascaris
            AskWoody_MVP

            I’ve had a router bricked before, and I successfully debricked it using ssh. I don’t have the knowledge to do this by memory, but my router model was popular enough (with DD-WRT firmware) to have a step-by-step guide.

            If your router is not also your modem, you can get online by directly connecting the modem to the PC with an ethernet cable.

            Group "L" (KDE Neon User Edition 5.19.4).

            3 users thanked author for this post.
            • #2278082 Reply
              Myst
              AskWoody Plus

              If your router is not also your modem, you can get online by directly connecting the modem to the PC with an ethernet cable.

              My modem and router are all in one with DSL. After days of searching for a compatible modem/router about 3 years ago, and setting it up being a pain in the b**t, it works. Would rather have modem and router separate. Not altogether sure what’s out there to work with AT&T DSL, so I have my “AT&T approved” Netgear modem/router set with all safety protocols in place. That’s all I can do I suppose.

              Win7 SP1 Home x64, MacOS / Chromebook

              2 users thanked author for this post.
              • #2278116 Reply
                Ascaris
                AskWoody_MVP

                Would rather have modem and router separate. Not altogether sure what’s out there to work with AT&T DSL, so I have my “AT&T approved” Netgear modem/router set with all safety protocols in place. That’s all I can do I suppose.

                You might be able to put the modem/router into bridged mode, acting just as a modem, and use a router of your choosing.  I’ve done that for years with my ISP-supplied router/modem.

                Group "L" (KDE Neon User Edition 5.19.4).

                2 users thanked author for this post.
          • #2278179 Reply
            Michael432
            AskWoody_MVP

            I agree completely about the danger in updating the firmware of a router. For some advice on minimizing the risks see

            https://routersecurity.org/firmware.updates.php

            And, there are routers that keep two copies of the firmware – from a company called Peplink. Their cheapest model is my favorite router, it goes for about $200. Having the fallback firmware has saved me many times. For more see

            https://michaelhorowitz.com/Router.Firmware.Trick.php

            Get up to speed on router security at RouterSecurity.org

            2 users thanked author for this post.
      • #2278103 Reply
        anonymous
        Guest

        My router did not start its life as a “cloud ready” device but the release notes did not disclose that latest change, something about improving the installation procedure. Why does it now need to redirect to the manufacturer’s site to locally manage the network?

        2 users thanked author for this post.
        • #2278115 Reply
          Paul T
          AskWoody MVP

          Because everything “cloud” is good, m’kay.

          It seems to me to be another point of attack from the hordes.

          cheers, Paul

          4 users thanked author for this post.
        • #2278149 Reply
          CADesertRat
          AskWoody Plus

          My router did not start its life as a “cloud ready” device but the release notes did not disclose that latest change, something about improving the installation procedure. Why does it now need to redirect to the manufacturer’s site to locally manage the network?

          Agreed, my router is ancient and still works well but the last firmware update was about 12 years ago LOL. I’ve been looking at new routers but I do NOT want a cloud setup/access and most of them seem to have gone that way. Since I’m not a networking guru like Paul, it’s been a long and unfruitful search so far.

          Don't take yourself so seriously, no one else does 🙂
          4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

          4 users thanked author for this post.
        • #2278569 Reply
          Noel Carboni
          AskWoody_MVP

          I had an old Cisco E4200 router do that a few years ago. I stayed on the prior firmware that was purely locally controlled (via a web interface in the router that was ONLY exposed to the LAN) for a while then just replaced it.

          Admittedly, the “threshold of pain” we all have for spending a hundred or two dollars on a new networking device when the old one “still works” (after a fashion) is definitely there.

          But if a router company chooses to take the device I bought and with a software update both dumb it down (fewer accessible features for an expert to program) AND make it “cloud-integrated” where it was not before, there is always alternative hardware, which is almost no doubt faster/better. I prefer to think like this:

          How much would I pay to not be frustrated and worried about my router? What is the real cost and trouble of setting up a new one?

          I replaced that Cisco with a decent D-Link MIMO wifi/router. And, as an added benefit it brought a new feature I actually wanted: A home VPN. From other locations I can get to the Internet via an encrypted connection, with no ongoing fees other than the internet connection I pay for at home anyway. And that also gives me the benefit of the DNS filtering I have set up on my LAN, since the router consults with MY DNS server when providing DNS resolutions to VPN’d in systems.

          -Noel

          2 users thanked author for this post.
          • #2278679 Reply
            Cijan
            AskWoody Plus

            I am going through the same thing – trying to research and select a new router, as mine is as old as CADesertRat’s! Everytime I think I find one that fits the bill (features, security, price) there are none left ;0!

            I wonder if Neil Carboni could specify the model that he got, please? And was that recently, or when the CISCO router changed to cloud mode?

      • #2278151 Reply
        DrRon
        AskWoody Plus
      • #2278177 Reply
        Michael432
        AskWoody_MVP

        For “just the facts ma’am” see https://routersecurity.org/RouterNews.php

        This is the third such study that I am familiar with. All had similar results. The first one was back in Jan. 2016 from the Wall Street Journal.

        https://www.wsj.com/articles/rarely-patched-software-bugs-in-home-routers-cripple-security-1453136285

        Get up to speed on router security at RouterSecurity.org

        • This reply was modified 1 month ago by Michael432.
      • #2278218 Reply
        NetDef
        AskWoody_MVP

        The state of “inexpensive” home grade routers and Wi-Fi equipment has long been a problem, and it’s one of the reasons our company has started issuing SMB class routers for critical mission remote staff.

        There are problems in that sector too, but we get slightly better security and much better performance/stability for those use cases.

        But even with the cheap routers, there are things everyone can and should do to reduce risk.

        The three most important, in order of priority:

        1. Upgrade firmware out of the box, and check for updates quarterly (or more often.)
        2. Change the Admin account credentials out of the box.
        3. Set DNS on the DHCP management tab in the routers advanced settings to one you know and trust.  (We like 1.1.1.1 / 1.0.0.1 or OpenDNS.com assignments.) (Subtopic, you can also change the assigned DNS from your Internet Provider to these on the routers WAN settings without changing the IP assignment on most models.)

        And seriously, if your router is more than 7 years old – or it’s not gotten a manufacturer supported update in the last two years – consider replacing it with a modern model!

         

        ~ Group "Weekend" ~

        1 user thanked author for this post.
      • #2278592 Reply
        MrJimPhelps
        AskWoody_MVP

        My modem and router are all in one with DSL. After days of searching for a compatible modem/router about 3 years ago, and setting it up being a pain in the b**t, it works. Would rather have modem and router separate. Not altogether sure what’s out there to work with AT&T DSL, so I have my “AT&T approved” Netgear modem/router set with all safety protocols in place. That’s all I can do I suppose.

        My ISP (also my local phone company) sells a DSL modem – I think I paid $25 for it. This allowed me to connect my own router to their modem.

        Group "L" (Linux Mint)
        with Windows 8.1 running in a VM
        1 user thanked author for this post.
        • #2278657 Reply
          Myst
          AskWoody Plus

          Not sure my ISP provides anything except the combo modem/router. They pretty much have control over the service with few options. I do like AT&T for reliability on other issues like the connection in general and very seldom have problems. Plus the whole system seems to run securely and I believe that’s their QA at work. Nothing is perfect. But we can make sure to have our incoming and outgoing traffic running as securely as possible.

          Win7 SP1 Home x64, MacOS / Chromebook

      • #2278727 Reply
        wavy
        AskWoody Plus

        ONE thing I do not like about this, that I think should be an industry standard, is there is no facility to save the previous router firmware as a failsafe, for re-introduction, should anything go wrong.(as there used to be with old PC bios firmware updates)

        You got to research the router before buying, mine has a firmware save option IIRC but it does not matter since I always dl to a hdd and do the upgrade from that after a config save. (Some routers specs discourage using the config file on a new firmware)

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
    Viewing 7 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Home router warning: They’re riddled with known flaws

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.