-brought to you by IBM Routers: A Modern-Day Essential in Dire Need of Better Security April 8, 2019 | By Grzegorz Wypych Co-authored by Limor Kessem "The American Consumer Institute (ACI) looked into router security and found that no less than 83 percent of routers harbor high-risk vulnerabilities, many of which are open-source flaws. This staggering ratio accounts for both home and office routers and includes major name brands sold around the world. Routers are not just a relay switch; they have their own operating systems, their own software and, inevitably, their own vulnerabilities. Router vulnerabilities are rather common and can be attributed to various factors. It starts with internet service providers (ISPs) issuing the same router to millions of customers and inadvertently allowing vulnerability aggregation when zero-days arise, but it has more to do with the software that runs routers. Most manufacturers outsource firmware that gets developed with costs in mind. As such, it is rarely elaborate and, judging by the amount of router vulnerabilities out there, also rarely tested or secure. Making matters worse is the patch and update process: When was the last time you got a message prompting you to update your router’s firmware? Likely almost never. This means that even when patches are dealt with and become available to the public, most users will never know of them or know to take action." We won’t delve into open networking ports and unsecured protocols that run home routers — think Universal Plug and Play (UPnP), Home Network Administration Protocol (HNAP) and the Wi-Fi Protected Setup (WPS) password — but those interested in further reading should look them up. How much do these vulnerabilities matter? A lot. At the very least, router vulnerabilities can lead to consumer data being compromised and used by attackers. The same issue can allow criminal/nation-state third parties to spy on users, send them to phishing and malware-hosting websites, or alter data the user sends out when browsing the internet. Routers can also be infected by malware and enslaved by a malicious internet of things (IoT) botnet such as VPNFilter, which can eavesdrop on traffic passing through the router, or the Mirai botnet, which disrupted internet connections as well as telephony and television services in Germany for days before it was possible to stop the mayhem." Buffer Overflow Vulnerability in TP-Link Routers Can Allow Remote Attackers to Take Control _________________________________________________________________________________________________________________________________________________________________ Scary. And this affect nearly all home user routers. All brands, Linksys, Cisco, Qualcomm, as they all use Linus and have the same backdoor vulnerability access port security holes. The trouble is manufacture of consumer Wi-Fi Routers was outsourced to the same vendors across the United States so no one, except perhaps business class manufactured networks are protected. I looked into this issue, the patches offered only to make the vulnerability appear to be concealed, but not really closed. ISP typically give a pat answer to questions about this, which is if a person doesn't have your network password you're OK. But really everyone is vulnerable.
Scary that all the U.S. manufacturers, and U.S. made routers, have the same security flaws. Why'd they make them all this way? Was it intentionally put in so the Federal Government could spy in on us, and keep tabs on us, like Facebook, do you think? ___
Any system will always have flaws in it. There is probably a 95% chance that you can have the most vulnerable router and you never suffer consequences from it. Just face it, average family doesn’t have much on their networks that would be of interest to real professional hackers. Also, absolute majority of the ISP users get new IP addresses every time they restart their modems, making it pretty difficult to trace a particular user long term. Most of the secure websites that involve money (banks, credit cards) encrypt your passwords within the browser, which means your crappy router will never be able to catch it and pass it down to someone else. So, get over yourselves, no government or hackers are exploiting your $50 routers - there is simply nothing of interest to them in doing so.
Unless you're in the UK where the government has criminalized Facebook posts and is going after people. We had one member in this very forum, Peter Dow, who stated he had been arrested for writing something threatening about the queen in an angry rant on Twitter. They took all his papers (he was some sort of engineer or scientist) and he never got them back.
many do not update the hardware on their routers... some still even use the older wep for wireless security
Routers are not public, they are an internal networking device. You need not connect them tl tje internet for them to serve their function, or for them to be hacked.
Thank you. It is still part of the communication network with the outside world. My problem is that I don't have much personal information on my computer. I am not on facebook or anything of that sort and I don't even do my taxes on my computer that I go on the net with. I do have an amazon account though. I only have one credit card and don't even have a debit card. I try to limit my exposure as much as I can.
It has backfired. There is no way in hell to stop foreign governments from interfering in other government elections. Unless you play for blood.