Wireless Routers Are Not As Insecure As They Are Made Out To Be.

On April 17, 2013, CNET presented an article about a IT security company's evaluation of SOHO routers (the article can be seen here).  The article highlighted the security company's assertions that SOHO routers are a major security risk.  The link to the company's original report is also provided in the article.

After reading it, I realized how poorly the research was conducted by the company.  My response to the article on CNET's website is below.

My suggestion to the general public is that the should always take advice from such articles with a grain of salt.  Like others, this article, too, raises the specter of horrible things that will happen to people who use such routers when, in reality, that is far from the truth.  As we probably all have experienced, truth never lies in extreme views but in middle-of-the-road ones.  Link to an earlier blog post to understand risks and how to avoid them.

I am not saying that there are no vulnerabilities in SOHO routers, but I am definitely saying that with the proper settings, you can setup a secure and trouble-free wireless network at home or in the office.  With a common-sense approach, one can be reasonably certain that information being transmitted wirelessly cannot be compromised.

Here are my thoughts on the article.

Really? Not another study trying to spread panic with outdated and unsubstantiated information!!! The report is full of vague and ambiguous statements such as "trivial attacks can be launched directly against the router with no human interaction or access to credentials."  No specific examples have been presented to indicate how consumer routers have such vulnerabilities. What vulnerabilities (in English, please) do consumers need to be aware of so that they can adequately protect themselves? The report would be useful if such information were disseminated to the public at large. Yet, I do not see any evidence of that in the report. 
Then, there is this disclaimer: "ISE did not exhaustively evaluate these routers, and in no way asserts that other product vulnerabilities do not exist." So, guys, if you haven't tested these routers and have arrived at the aforementioned conclusion, you may as well have concluded (without evaluating anything) that you were not sure whether such vulnerabilities do exist in the first place!!!  "Many of these routers enable by default—or provide the capability to enable—telnet, ftp, and other services that have not been fully investigated." So, what did the company investigate based on which they have drawn the "valuable" conclusions stated in the article? 
Then, there are the recommendations: "Prepare and make available firmware upgrades that address these issues" and "Designing a method for automatic firmware updates, that can be opted out of by users." Oh, so you want vendors to provide automatic firmware upgrades, then allow users to opt-out? So why provide firmware updates at all? 

Need I say more?

Comments

Popular posts from this blog

Why to not Buy the International Version of the Samsung Galaxy S4?

New Service to Recover a Stolen Samsung Galaxy S4 Smartphone