Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: New security article on home routers on zdnet  (Read 1151 times)

broadstairs

  • Kitizen
  • ****
  • Posts: 3697
New security article on home routers on zdnet
« on: January 07, 2019, 07:35:28 AM »

Just seen this https://www.zdnet.com/article/most-home-routers-dont-take-advantage-of-linuxs-improved-security-features/. Think this shows a cavalier attitude to security by companies.

Stuart
Logged
ISP:Vodafone Router:Vodafone Wi-Fi hub FTTP

niemand

  • Kitizen
  • ****
  • Posts: 1836
Re: New security article on home routers on zdnet
« Reply #1 on: January 07, 2019, 08:44:57 AM »

Not ideal however routers are embedded systems. They should only be running code either produced or approved by the manufacturer which you'd hope isn't going to be setting about stack smashing. Outside shell code really shouldn't be running on them.

If any of them present a shell that's able to execute arbitrary code, however, that's quite a fail. :angel:
Logged

ejs

  • Kitizen
  • ****
  • Posts: 2078
Re: New security article on home routers on zdnet
« Reply #2 on: January 07, 2019, 06:20:11 PM »

Although if you want to monitor and record the DSL stats, that tends to require a shell that's able to execute arbitrary code.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: New security article on home routers on zdnet
« Reply #3 on: January 07, 2019, 07:01:10 PM »

Germany are actually introducing legislation to beef up security on home routers, a definite forward step for them, I am noticing the manufacturers are getting them watered down tho, e.g. they were going to be required to make options visible to disable TR069.  But now its watered down to that it can only be enabled by default if an isp is actually utilising TR069.

https://www.zdnet.com/article/germany-proposes-router-security-guidelines/

However they wont be required to allow you to install a supported open source solution which means end users still get trapped on abandonware, which most consumer routers are.
Logged