Daily Bulletin

The Conversation

  • Written by The Conversation Contributor
imageYour broadband router might not look like much, but it's your first line of defence against cyber attack.Matt J Newman/Flickr, CC BY-SA

Between your home network and the internet sits your broadband router. This humble device is often overlooked, yet it is also your first line of defence against hackers, malware and viruses.

It’s easy to assume that the latest firmware for your router will provide protection against cyber threats. However, our new research has found that even the latest broadband router firmware remains dangerously vulnerable to attack.

imageA simple overview of what makes your router go.Nikolai Hampton, CC BY

Firmware is the operating system and software that controls all the features of your router, from the blinking lights and configuration options, to advanced network security features. Similar to any desktop operating system, firmware can contain thousands of system files, any of which may contain security vulnerabilities.

Just like any software you would install on your laptop or personal computer, it needs to be maintained and updated frequently to mitigate known security vulnerabilities. Unfortunately, we have found that even the latest firmware contains security holes.

Obsolete software

To test how secure these devices really are, we extracted the firmware from 37 currently available broadband routers. We then reverse engineered the firmware to analyse components such as the operating system, system libraries and executable files. This allowed us to construct a comprehensive database of devices, software versions and known vulnerabilities.

We found that 90% of the components analysed were more than six years old. In every firmware we found obsolete software with known security issues, regardless of the manufacturer or release date.

Old software may not sound like a big deal. However, security experts agree that all developers should start from a solid base, building upon well maintained and up-to-date software components.

imageTimeline of selected significant software components - a historic perspective.Nikolai Hampton, CC BY

Yet many people probably don’t realise that critical security vulnerabilities identified a decade ago are still present. Cyber threats evolve rapidly, and six months is a long time, two years an eternity, and a decade – well, you get the picture!

Obsolete components often have security issues that are so well known that common security testing tools and hacking software even incorporate their exploits into simple “point-and-click” interfaces. So old firmware components are a major concern.

It’s not just routers

Internet of Things (IoT) and smart devices are also powered by firmware. If the pattern we have found continues, then it won’t be long before we find a piece of malware that can infect your internet enabled refrigerator.

Our latest research has started “cracking open” IoT devices. The first device examined was a 2015 internet enabled security camera that had an obsolete operating system and key security components from 2008.

While alarming, our research does not suggest that consumer routers are being attacked frequently or on a large scale. It does, however, indicate an environment where attacks are likely to increase in frequency and severity in the near future.

So you can follow best cyber security practices and still fail to be adequately protected. You may also have a false sense of security if you believe the latest firmware will provide adequate protection. In reality, the core components of most router firmware are built on open source software released up to a decade ago, and (on many occasions) maintained by part-time enthusiasts rather than professionals.

Broadband routers are clearly vulnerable to a range of cyber security threats and manufacturers have little incentive to improve their firmware development practices at the moment. The lack of transparency, accountability and user education breeds an environment that rewards first-to-market devices with multimedia capabilities or stylish antennas, rather than robust security.

How can you protect yourself?

Our research does not suggest that all firmware updates are a waste of time. The problem is the lack of transparency; we simply don’t know what is included in our device firmware.

The best advice remains keeping all of your devices up-to-date.

You can also get better protection by using a multi-layer defences, such as virus scanners and firewalls. The Windows operating system comes with built-in services, including Windows Defender and Windows Firewall. You should make sure that these services are installed, up-to-date and running as a matter of priority.

Third-party anti-virus scanners can help, but some people may find them more intrusive than beneficial. Third party products can also contain unwanted programs and tool bars that can slow your computer or internet connection. You should read a range of product reviews before deciding on what software to trust.

The problem can only be truly fixed by manufacturers. Consumers and IT professionals must demand better security, but without further independent device analysis, many people won’t be equipped to understand the security issues or implications. This is an area that needs serious attention.

We have proposed a range of long term solutions, including a security star rating system, to help users understand how their device compares. We are hopeful that the industry, security experts and end-users can work together to achieve meaningful security improvements, before the threat of mass cyber attacks becomes an every day reality.

Nikolai Hampton is a part owner and director of Impression Research.

Patryk Szewczyk does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond the academic appointment above.

Authors: The Conversation Contributor

Read more http://theconversation.com/your-broadband-router-is-not-as-secure-as-you-think-it-is-51747

Writers Wanted

From 'common scolds' to feminist reclamation: the fraught history of women and swearing in Australia


Different Ways to Incorporate Natural Stone into Your Home


The Conversation


Prime Minister Interview with Ben Fordham, 2GB

BEN FORDHAM: Scott Morrison, good morning to you.    PRIME MINISTER: Good morning, Ben. How are you?    FORDHAM: Good. How many days have you got to go?   PRIME MINISTER: I've got another we...

Scott Morrison - avatar Scott Morrison

Prime Minister Interview with Kieran Gilbert, Sky News

KIERAN GILBERT: Kieran Gilbert here with you and the Prime Minister joins me. Prime Minister, thanks so much for your time.  PRIME MINISTER: G'day Kieran.  GILBERT: An assumption a vaccine is ...

Daily Bulletin - avatar Daily Bulletin

Did BLM Really Change the US Police Work?

The Black Lives Matter (BLM) movement has proven that the power of the state rests in the hands of the people it governs. Following the death of 46-year-old black American George Floyd in a case of ...

a Guest Writer - avatar a Guest Writer

Business News

Nisbets’ Collab with The Lobby is Showing the Sexy Side of Hospitality Supply

Hospitality supply services might not immediately make you think ‘sexy’. But when a barkeep in a moodily lit bar holds up the perfectly formed juniper gin balloon or catches the light in the edg...

The Atticism - avatar The Atticism

Buy Instagram Followers And Likes Now

Do you like to buy followers on Instagram? Just give a simple Google search on the internet, and there will be an abounding of seeking outcomes full of businesses offering such services. But, th...

News Co - avatar News Co

Cybersecurity data means nothing to business leaders without context

Top business leaders are starting to realise the widespread impact a cyberattack can have on a business. Unfortunately, according to a study by Forrester Consulting commissioned by Tenable, some...

Scott McKinnel, ANZ Country Manager, Tenable - avatar Scott McKinnel, ANZ Country Manager, Tenable

News Co Media Group

Content & Technology Connecting Global Audiences

More Information - Less Opinion