A hacker contest to find new flaws in wireless router security closed last week, uncovering 15 zero-day vulnerabilities in seven popular home and small office routers.
Surprisingly, most of the vulnerabilities had risen from the grave, having been found in other routers and fixed only to return anew (more on that in a moment).
The contest, called SOHOpelessly Broken, centered on the DEF CON 22 hacker conference in Las Vegas. Contestants were asked to crack 11 popular routers before and during the event.
The contest results showed seven wireless routers were breached:
- Asus AC66U – #7 in top selling computer routers on Amazon at the time of this post.
- Netgear WNDR-4700
- DLink 865L
- Belkin N900
- Linksys EA6500
- Trendnet TEW-812DRU
- Actiontec Q1000
The poor state of wireless router security is widely known, but this contest reaffirms the point: a basic wireless router is not enough to protect even the smallest business network.
At this point you may be interested in our recent post: How to Secure a Wireless Router
Out of the 15 vulnerabilities, only four were completely new, according toComputer World. While this might seem like cause for relief, the details are even more disconcerting.
The 11 other vulnerabilities were previously discovered in different models from the same manufacturers. In other words, the manufacturers discovered a flaw in one model and did not bother to check whether it affected other routers they sold.
Clearly, SOHO router manufacturers do not take the security of their customers seriously.
New router security is worse
Some of the routers in the contest have been replaced by manufacturers with new versions. However, this may be a case where the cure is worse than the disease.
Craig Young, security researcher and winner of the contest, told Threatpost that some new wireless router versions are even less secure than their predecessors.
“They went from something that was more secure to less secure. They introduced a diagnostic functionality in version two that made for a backdoor big enough to drive a truck through,” said Young.
This further proves that wireless router manufacturers are more interested in cramming featuresinto their devices than securing them.
Get real network security
Basic wireless routers cannot be trusted to provide quality network security. Time and again, researchers find popular routers from top brands are easy to exploit.
What should you do?
First, don’t trust a cheap wireless router to protect your network or your client’s network. Check the “related resources” below for further proof.
Second, protect your network with a device that focuses on network security and includes automatic updates for security rules and firmware.