The Risks Posed by Home Routers - Cyber Tip Tuesday 22 July 2020

Welcome to this week's Black Arrow Cyber Tip Tuesday, this week James is talking about risks posed by home routers.

A recent study in Germany of 127 home routers from 7 different brands including D-Link, Linksys, TP-Link and Zyxel found that almost 60 percent of models hadn't had a security update in over a year and most were affected by hundreds of known vulnerabilities. On top of that, they found that vendors were shipping updates with no fixes for critical vulnerabilities that have been known about for many years, some are even observed as being actively exploited.

Most routers are based on a Linux operating system which is patched and maintained regularly but the home router manufacturers are choosing to use old and known vulnerable versions of the operating system without sending updates to customers devices.

The lesser of the evils seemed to be Asus and Netgear who both applied more security fixes more frequently but another recent study found that 79 of Netgear's routers have a critical security vulnerability that would allow a remote attacker to take complete control of the device and the network behind which has been present since 2007.

With the increasing popularity of home working it is essential that both individuals and firms take in to account this increase in attack surface and apply appropriate controls and mitigations to prevent their data and their clients data from being captured by malicious third parties.

When approached correctly, home working can provide significant benefits to productivity without compromising security. Speak to us today to find out how you can achieve this.

Previous
Previous

Cyber Weekly Flash Briefing 24 July 2020: Cyber crime up 23% Over Past Year, Nearly 50% of employees have made a serious security mistake at work, 99.9% of Hacked Microsoft Accounts Don’t Use 2FA

Next
Next

Cyber Weekly Flash Briefing 17 July 2020: Major US Twitter accounts hacked, Malware in Chinese Tax Software, NK steals $2bn through cyber heists, Counterfeit Cisco kit, Windows DNS vulns, Citrix vuln