“No Router Without Flaws,” Warning For Remote Workers

Share on facebook
Share on twitter
Share on linkedin

A study has found security flaws in more than one-hundred internet routers, calling its results “alarming”, signaling the importance of information security while working remotely. 

The revelation of the inherent flaws of consumer internet routers comes from Germany’s Fraunhofer Institute for Communication (FKIE), who published its ‘Home Router Security Report 2020’

Authors Peter Weidenbach and Johannes vom Dorp made it clear from the outset that “our results were alarming,” adding that “there is no router without flaws.” 

“Many routers are affected by hundreds of known vulnerabilities. Even if the routers got recent updates, many of these known vulnerabilities were not fixed. What makes matters even worse is that exploit mitigation techniques are used rarely,” they noted. 

The team at FKIE took 127 internet routers from seven manufacturers, and found that not a single manufacturer offered adequate protection for its home users. 

“Most firmware images provide private cryptographic key material,” the authors say, adding that “this means, whatever they try to secure with a public-private crypto mechanism is not secure at all.” 

Authors of the report also analysed the router’s firmware to determine when the routers received a security update. The results showed that 46 of the 127 had received no security update within the past 12-months. 

Even the best performing routers were riddled with potential security flaws. On average, each router possessed 53 critical security vulnerabilities, while the highest-ranking routers still possessed 21 critical vulnerabilities. 

“ASUS and Netgear do a better job in some aspects than D-Link, Linksys, TP-Link and Zyxel,” they say. 

Researchers have signalled their alarm over the number of flaws in home routers, which in recent months has been compounded by the large number of individuals working remotely for their organisation.


The researchers pointed out that “the good news is that more than 60% of router firmware images do not have hard-coded login credentials. The bad news is that 50 routers do provide hard-coded credentials. 16 routers have well known or easily crackable credentials. The worst device is the Netgear RAX40 with the following three well-known credentials: amazon, password & password.” 

Even if they’re using one of the most sophisticated and secure routers, researchers say these critical vulnerabilities still offer hackers a means of accessing the personal data of the individual, as well as a gateway for accessing the information of their employer. 

Internet router information security
An Information Security Management System is one of your best options when it comes to overcoming flaws of internet routers

The team at the Fraunhofer Institute for Communication are advocating for anyone, whether or not they’re working from home, to update their router’s firmware settings for any potential security patches available.  

“To sum it up,” the authors write, “our analysis shows that there is no router without flaws and there is no vendor who does a perfect job regarding all security aspects. Much more effort is needed to make home routers as secure as current desktop or server systems.” 

For more information on ISO 27001 – Information Security Management Systems – or for your free ISO 27001 Gap Analysis Checklist, Click here. 

Don’t forget to check out our News page, filled with the latest in industry-relevant news, how-to guides and ISO-explainers. 

Subscribe to our Newsletter

Share this post with your friends

Share on linkedin
Share on facebook
Share on twitter
Share on google