/ TitanHQ Blog
/ A Surprising Number of Vulnerabilities Found in Public Wi-fi Devices
Posted by Trevagh Stankard on Tue, Jan 4th, 2022
Wireless is now ubiquitous. We connect to wireless access points and routers every day and we do so with the notion that we are connecting to devices that properly patched and secured. The truth is we aren’t, a truth made evident by a recent study conducted by a team of security researchers and editors from the German IT magazine CHIP. The research team found a total of 226 potential security vulnerabilities in nine of the more popular WiFi routers in production today. The list of devices included Netgear Nighthawk AX12, Asus ROG Rapture GT-AX11000, Edimax BR-6473AX, Linksys Velop MR9600, AVM FritzBox 7530 AX, and AVM FritzBox 7590 AX. At the top of the list was the TP-Link Archer AX6000 that boasted 32 vulnerabilities while second place went to the Synology RT-2600ac router with 30. Said one member of the research group, "The test negatively exceeded all expectations for secure home and small business routers."
Outdated Software was the Primary Culprit
It should be no surprise that the primary culprit was outdated software. Many of these machines ran an outdated version of Linux Kernel. Some had added services such as VPN and multimedia streaming that relied on outdated software. Several devices relied too heavily on older versions of BusyBox that combines small versions of common UNIX utilities into a single executable. To be fair, the group stated that the cost of integrating a new kernel into the firmware of these existing devices would not prove cost effective based on initial price points of these devices. The research team also analyzed the firmware versions for more than 5,000 CVE’s and other documented security issues. While the devices still contained many of the noted vulnerabilities, most of the unpatched flaws are vulnerabilities of lower importance. Only a minority were of critical importance.
Most wireless routers update themselves to the latest software and firmware versions automatically, but only if the user enables the update feature. That’s why it is critical for users to check on their routers periodically and update them. Too often, users or SOHO personnel deploy these routers and then forget about them. Out of sight, out of mind, should not apply to network devices. It is critical that users enable automatic updates, if possible, when first deployed. Some routers must be updated manually, however. This involves downloading the latest updates from the manufacturer’s website and uploading them from a computing device. Some users are intimidated by this process while others simply procrastinate it until some future magic date. While updates for network routers are not released on a regular basis, patching a wireless router should take the same precedence as a Windows 10 PC.
Read article: Make secure Wi-Fi a competitive advantage
Vendors Respond to Findings
The research team notified all the vendors about their findings and each one took some form of action to address them. Asus addressed every issue with a detailed answer and patched the outdated BusyBox version as well as some added software services. D-Link, Edimax and Linksys all published firmware updates to address the discovered issues. Netgear issued updates that addressed the more critical issues at hand while Synology published a major update to the Linux kernel. They also updated BusyBox and PHP while TP-Link addressed the most critical vulnerabilities and promised to add some 50 fixes to the operating system soon.
Changing the Default Password
One of the more critical issues included in the findings was the use of a simple admin password such as “admin.” While such a password may seem ridiculous, default credentials for such devices are readily available on the internet so the default password would be easily obtained regardless of how much complexity was used to create it. While outdated software is certainly a problem, the use of weak default passwords is the biggest security issue for wireless routers. It is critical that users change the admin password immediately upon powering up the device to one using double-digit characters that follow complexity rules. Without that step, outside imposters can connect to your wireless router and take complete control of it. Many enterprise grade network appliances now force the user to create a password upon booting up the device for the first time.
Read article: How to Prevent Password Stealing Attacks
All in all, wireless routers are no different than any other network or computing device. They must be continually patched to protect vulnerabilities from being exploited by attack actors and password security remains the weak link that gives attackers free reign of these devices. While vendors must make a greater effort to design these devices with a security-first mindset, users must take greater responsibility as well. Security after all, requires a village.
Secure your Wi-Fi network from cyberattacks with WebTitan Cloud. See how it works today.
Book Free Demo