Slashdot Mirror

← Back to Stories (view on slashdot.org)

Routers Pose Biggest Security Threat To Home Networks

Posted by Unknown on from the but-it's-a-firewall dept.

Nerval's Lobster writes "The remote-access management flaw that allowed TheMoon worm to thrive on Linksys routers is far from the only vulnerability in that particular brand of hardware, though it might be simpler to call all home-based wireless routers gaping holes of insecurity than to list all the flaws in those of just one vendor. An even longer list of Linksys (and Cisco and Netgear) routers were identified in January as having a backdoor built into the original versions of their firmware in 2005 and never taken out. Serious as those flaws are, they don't compare to the list of vulnerabilities resulting from an impossibly complex mesh of sophisticated network services that make nearly every router aimed at homes or small offices an easy target for attack, according to network-security penetration- and testing services. For example, wireless routers (especially home routers owned by technically challenged consumers) are riddled with security holes stemming from design goals that emphasize usability over security, which often puts consumers at risk from malware or attacks on devices they don't know how to monitor, but through which flow all their personal and financial information via links to online banking, entertainment, credit cards and even direct connections to their work networks, according to a condemnation of the Home Network Administration Protocol from Tenable Network Security. Meanwhile, a January 2013 study from Rapid7 found 40 million to 50 million network-enabled devices, including nearly all home routers, were vulnerable to exploits using UPnP. Is there any way to fix this target-rich environment?" If only there were an easily upgradeable open source router operating system to which vendors could add support for their hardware leaving long term maintenance to a larger community.

4 of 264 comments (clear)

  1. Wow... misconfigured devices are insecure? by Anonymous Coward · · Score: 0, Funny

    Misconfigured devices are insecure? Who'd a thunk it.

    I'd vote that end users pose the biggest security threat to home networks, anyway.

  2. Re:Why I buy apple airports by Anonymous Coward · · Score: 4, Funny

    Apple is the next thing to godliness. Praise Apple. I wish I was an Apple. Eat me.

    [NO CARRIER]

  3. Re:Sigh - what the heck ... by Anonymous Coward · · Score: 3, Funny

    Well, speaking on behalf of other posters here - you are probably supposed to spend all of your time configuring some linuxy version of iptables or some such on a custom router. Then you won't have to worry because you won't have time to play your game...

  4. Re:Sigh - what the heck ... by Imagix · · Score: 3, Funny

    Incentive to pressure your ISP to support a well over a decade old technology, going on two decades.