[Cryptography] "Home router warning: They're riddled with known flaws and run ancient, unpatched Linux"

John Ioannidis ji at tla.org
Thu Jul 9 14:47:36 EDT 2020


On Thu, Jul 9, 2020 at 2:26 PM Jerry Leichter <leichter at lrw.com> wrote:

>
> https://www.zdnet.com/article/home-router-warning-theyre-riddled-with-known-flaws-and-run-ancient-unpatched-linux/
>
> Shocking.  And there's gambling going on, too.
>
> All but one small German maker embedded private keys in their firmware.
> "The Netgear R6800 router contained 13 private keys."
>
> A third are running Linux kernel version 2.6.36 or older.  The latest
> security update for 2.6.36 was in February of 2011.  One Linksys router was
> running 2.4.20, released in 2002.  There are 579 high-severity CVEs
> affecting that.
>

Don't forget the buggy firmware in WiFi chipsets that you can't ever change
even if the manufacturer ever fixed it.


> One thing I find disturbing is how little you can trust what you think you
> know about the companies.  I would have considered Netgear as high end,
> more expensive, probably trustworthy.  On the other hand, ASUS always came
> across as a cheap Chinese (actually Taiwanese) clone.  Both are at the top
> of the rankings in this report (not that that's much to be proud of).  I
> thought of Linksys as good because they were owned by Cisco.  Not so much -
> but then again, I didn't realize that Cisco sold them to Belkin (also
> pretty good?) who then sold them to Foxconn - which, as it happens, also
> owns ASUS!  You just can't tell.
>
>
I got it from Agnes, she got it from Jim, we all agree it must have been
Louise who gave it to him :)

/ji
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20200709/73486256/attachment.htm>


More information about the cryptography mailing list