Kitz Forum

Announcements => News Articles => Topic started by: broadstairs on January 07, 2019, 07:35:28 AM

Title: New security article on home routers on zdnet
Post by: broadstairs on January 07, 2019, 07:35:28 AM

Just seen this https://www.zdnet.com/article/most-home-routers-dont-take-advantage-of-linuxs-improved-security-features/ (https://www.zdnet.com/article/most-home-routers-dont-take-advantage-of-linuxs-improved-security-features/). Think this shows a cavalier attitude to security by companies.

Stuart

Title: Re: New security article on home routers on zdnet
Post by: niemand on January 07, 2019, 08:44:57 AM

Not ideal however routers are embedded systems. They should only be running code either produced or approved by the manufacturer which you'd hope isn't going to be setting about stack smashing. Outside shell code really shouldn't be running on them.

If any of them present a shell that's able to execute arbitrary code, however, that's quite a fail. :angel:

Title: Re: New security article on home routers on zdnet
Post by: ejs on January 07, 2019, 06:20:11 PM

Although if you want to monitor and record the DSL stats, that tends to require a shell that's able to execute arbitrary code.

Title: Re: New security article on home routers on zdnet
Post by: Chrysalis on January 07, 2019, 07:01:10 PM

Germany are actually introducing legislation to beef up security on home routers, a definite forward step for them, I am noticing the manufacturers are getting them watered down tho, e.g. they were going to be required to make options visible to disable TR069.  But now its watered down to that it can only be enabled by default if an isp is actually utilising TR069.

https://www.zdnet.com/article/germany-proposes-router-security-guidelines/

However they wont be required to allow you to install a supported open source solution which means end users still get trapped on abandonware, which most consumer routers are.