In all there were ten routers up on the table during the competition and of those the Asus RT-AC66U, NETGEAR Centria WNDR7400, Belkin N900 and the TRENDNet TEW-812DRU were cracked wide open. These routers were broken with the latest firmware allowing for the attacker to execute privileged commands on them remotely.
This is not the first time that this type of product has been compromised on this level. Earlier in the year flaws were found in a large range of products including ones from Cisco. It was also found that a large number of SOHO routers were open to the HeartBlead bug and although most manufacturers patched these fairly quickly there are still some that either cannot be patched or simply haven’t been.
One of the biggest problems is that the update cycle for most SOHO and residential routers are, in some cases, worse than the update cycle for cell phones. It is not uncommon for a patch for a bug or vulnerability to be available, but the manufacturers wait to push out an update until they have more to add to it. We would assume to cut down on costs for development and packaging of new firmware updates.
Although this does not bode well for the current state of SOHO security the hope is that the extra spotlight on these products will lead to better security in the long run. At the time of this writing there is no word on when the affected products will receive updates to remove the holes found in them.
Tell us what you think in our Forum