Home Router Security Report | Tips & Tricks

Introduction

Botnets like Bashlite and Mirai have shown that vulnerable embedded devices can be a major risk to users and the internet itself. In 2016 these botnets launched a distributed denial-of-service attack (DDoS) with a capacity of more than 1 terabit per second. Routers are more vulnerable than other embedded devices because they can be reached from the internet directly. Additionally, they normally operate 24/7. Furthermore, these devices have become more important, since the Covid-19 virus forces many people to stay at home and work from home.

In this study we looked at the security of 127 current routers for private use of seven large vendors selling their products in Europe. We used the Firmware Analysis and Comparison Tool (FACT) to automatically extract and analyze the most recent firmware version of these routers.

The following five security-related aspects were analyzed:

  • When were the devices last updated?
  • Which operating system versions are used and how many known critical vulnerabilities
    affect these operating system versions?
  • Which exploit mitigation techniques do the vendors use? How often do they activate these
    techniques?
  • Do the firmware images contain private cryptographic key material?
  • Are there any hard-coded login credentials?

Our analysis shows alarming results. There is no router without flaws. 46 routers did not get any security update within the last year. Many routers are affected by hundreds of known vulnerabilities. Exploit mitigation techniques are rarely used, which makes matters even worse. Some routers have easily crackable or even well-known hard-coded passwords.

However, there are differences between the vendors. Some vendors seem to care more about security than others, and one in particular is ahead of the rest in most categories. Nevertheless, we cannot tell for sure that some vendors really do a better job all the time, because the static analysis done by FACT might produce false positive and false negative results. Therefore, we also discuss the reliability of the results for each security-related aspect.

This report is structured in the following way: In chapter 2 we give a detailed overview of our evaluation corpus and explain why we built the corpus the way it is. We also provide some information about the CPU architectures and operating systems powering the devices. Chapter 3 presents details about the analyzed aspects and the results of our evaluation. The individual sections of this chapter include the reliability discussions as well. Finally, chapter 4 describes our conclusions.
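As an added illustration of the last two aspects in the list above (private key material and hard-coded credentials), the following sketch audits an already unpacked firmware root filesystem. It is not FACT's implementation and not code from the report; the function names, the file layout and all sample values are constructed for this example.

```python
import os
import re
import tempfile

# PEM header of a private key (RSA, EC, DSA, OPENSSH, ENCRYPTED or plain PKCS#8).
PEM_KEY = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )?PRIVATE KEY-----")

def scan_tree(root):
    """Return sorted (relative_path, finding) tuples for an unpacked firmware tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks (often absolute in firmware) and special files
            rel = os.path.relpath(path, root)
            with open(path, "rb") as fh:
                data = fh.read()
            if PEM_KEY.search(data):
                findings.append((rel, "private-key"))
            if name not in ("passwd", "shadow"):
                continue
            for line in data.decode("utf-8", "replace").splitlines():
                fields = line.split(":")
                if len(fields) < 2 or line.startswith("#"):
                    continue
                if fields[1] == "":  # account usable without any password
                    findings.append((rel, "empty-password:" + fields[0]))
                elif fields[1] != "x" and not fields[1].startswith(("*", "!")):
                    # neither a shadow placeholder nor a locked account: a shipped hash
                    findings.append((rel, "password-hash:" + fields[0]))
    return sorted(findings)

def build_sample_tree(root):
    """Write a constructed miniature root filesystem; every value is made up."""
    samples = {
        "etc/passwd": "root:x:0:0:root:/root:/bin/sh\nguest::100:100::/tmp:/bin/sh\n",
        "etc/shadow": "root:$1$CONSTRUCTED$notarealhash:0:0:99999:7:::\ndaemon:*:0:0:::::\n",
        "etc/ssl/server.key": "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n",
        "etc/ssl/server.crt": "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n",
    }
    for rel, text in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*scan_tree(tmp), sep="\n")
```

A hit only says that key material or a password hash ships in the image; whether the key is actually used by a service or the account can log in still has to be checked by hand, which is the kind of false positive the reliability discussion refers to.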

Contents

  • 1 Introduction
  • 2 Evaluation Corpus
  • 2.1 Operating Systems
  • 2.2 CPU Architectures
  • 3 Evaluation
  • 3.1 Days Since Last Firmware Update Release
  • 3.2 Operating System
  • 3.3 Exploit Mitigation
  • 3.4 Private Key Material
  • 3.5 Hard-coded Login Credentials
  • 4 Conclusion


Happy learning!
