Could Your Router Be The Biggest Security Flaw in Your Linux System?

Is your home router leaving your network vulnerable to attack? New research suggests that this worrisome scenario is more likely than you may have thought. A Fraunhofer Institute for Communication (FKIE) report reveals that the firmware used in a large number of popular home routers is susceptible to malware and other serious exploits in cybersecurity.

We explored the importance of prioritizing data and network security in a recent LinuxSecurity.com feature article: Top Tips for Securing Your Linux System in 2020 and thought it was important to dive deeper into the topic given these critical new findings. In this article, we will review a recent study, popular flaws in router systems, and how to mitigate such network security threats prior to any breach.

Study Regarding Router Security Vulnerabilities

After examining 127 home routers from seven leading brands (Netgear, Linksys, D-Link, ASUS, AVM, TP-Link, and Zyxel), FKIE security researchers discovered that, on average, these routers contained 53 critical cyber security vulnerabilities, and none of the routers were fully protected. Many of these routers never received a firmware update, making them susceptible to various network security issues. To make matters worse, certain vendors have been shipping firmware updates without fixing known security bugs. Fifty of the routers examined in the study used hard-coded credentials, where known credentials were encoded into the router by default, emitting at least five keys per firmware image. FKIE took these observations into account when stating, “The updated policy of router vendors is far behind the standards as we know it from desktop or server operating systems. However, routers are exposed to the Internet 24 hours a day, leading to an even higher risk of malware infection.” The organization emphasizes the need for industry-wide improvements in router data and network security.

Ninety percent of the routers involved in FKIE’s recent study were powered by Linux. If router manufacturers were staying on top of software updates and applying the latest security patching and fixes, this could become a huge victory in the security realm. Unfortunately, the researchers found that the majority of manufacturers were falling down on the job, leaving the devices they sold vulnerable to a multitude of exploits in cyber security.

Because of the transparency of its source code, Linux has the potential to be a highly secure OS, more so than proprietary alternatives like Windows or MacOS; however, misconfigurations and poor administration often leave cyber security vulnerabilities within Linux systems likely to face an attack. In this case, Linux and the attentive, conscientious global community behind it have made the job of router vendors much easier.

Johannes vom Dorp, a member of FKIE's Cyber Analysis & Defense department, explains: "Linux works continuously to close security vulnerabilities in its operating system and to develop new functionalities. Really, all the manufacturers would have to do is install the latest software, but they do not integrate it to the extent that they could and should." Vom Dorp elaborates on this widespread negligence: “Most of the devices are powered by Linux, and security patches for the Linux kernel and other open-source software are released several times a year. This means the vendors could distribute security patches to their devices far more often, but they do not." 

FKIE’s research proves there are various network security issues at risk due to poorly configured router security. The widespread cyber security vulnerabilities present in home routers are leaving systems worldwide susceptible to compromise. Therefore, companies must work to be more aware of the threats they face and how to take care of them to ensure data and network security.

Key Router Attack Vectors

There are many methods that cybercriminals will utilize in order to instigate an attack on your business. Here are some of the more frequent and common cyber security vulnerabilities that threat actors exploit in the process of a router security issue:

• Firmware weaknesses: When preparing a device for release, a company may not perform sufficient testing to make sure no security patching is needed to protect the software from any risks. This could be the result of human error, and threat actors will take advantage of such oversights to break into a system.
• Credential hacking: If your business is managing more than one account but still using the same login information among all of the platforms, whether they are default or easy-to-remember passwords, hackers can initiate brute-force attacks in order to access the router and its configurations.
• Device misconfigurations: Your company should try to avoid utilizing the automatic router configurations and features, as those tend to make it easier for malicious actors to breach and reach secure information. This can sometimes be the fault of the router manufacturer, who leaves the end user in charge of setting up the security system.
• Outdated technology: Certain firmware may not be updated automatically, resulting in old libraries, weak security checks, and other faulty architectural features. Hackers can abuse such issues in order to break into a system. Your company may ignore these cyber security vulnerabilities because of the price you must pay for upgrades, but it is worth it in the long run to keep your business safe. 
• Insider threats: Users within a company who have access to privileged information could weaken the security of the router and the business overall should they abuse their reach. If such employees have malicious intent, a company can face significant risk just by providing the worker access in the first place, leaving the system susceptible to all kinds of cybersecurity vulnerabilities.

How Can I Improve Router Security?

When it comes to remedying this industry-wide fiasco, the majority of the responsibility lies in the hands of router manufacturers and vendors. Here are some tips and recommendations for users looking to improve the security posture of their home router in the process of dealing with this rising network security threat:

• Update firmware frequently: Staying on top of firmware updates is crucial in preventing attacks that exploit firmware cyber security vulnerabilities that could compromise your system and company overall. 
• Change router passwords: A known password comes encoded into your router by default. Replacing this password is imperative in protecting your privacy and maintaining a secure system.
• Do your research before purchasing a router: While none of the routers that FKIE studied were without flaws, some brands fared far better than others in terms of security. FKIE concludes: “AVM does a better job than the other vendors regarding most aspects. ASUS and Netgear do better in some aspects than D-Link, Linksys, TP-Link, and Zyxel.”

Replacing the Linux firmware in your home router is also an excellent option for mitigating the risk that network security issues in your router pose to your entire system.

Final Thoughts on Protecting Your Linux System

Awareness of the risks you face with unsafe routers is the first step in protecting your company's security. As we have seen, there are various real-life examples of businesses facing severe network security threats and issues due to flawed router configurations. All companies should be aware of any cyber security vulnerabilities they face within their day-to-day operations so that they can do what is needed to reinstate proper safety measures and improve security posture.