Almost everyone of us now has a router at home, because without a router nothing works: no Internet, usually no landline phone.
The Fraunhofer Institute has now investigated how secure these home routers are and found out Far more than 90 percent have considerable security gaps, which could often be avoided if the manufacturers did their job.
Router security? Think!
Most of us pay a lot of attention to security when we go online with our computer. They purchase a virus program, the latest secure software and regularly update their operating system. But what many people don’t have on their screens is their router. It keeps a virtual door wide open for uninvited guests.
What could happen is that your Internet traffic is redirected. This means that if you enter your bank’s address, for example, the computer will not redirect you to the actual bank, but to a fake Internet site to retrieve your data.
Everything you send into the network via the router is insecure, because the data can be intercepted. For this reason, this sensitive location in particular requires particularly high security regulations. But the opposite is the case. Most routers have really old software, says Peter Weidenbach from the Fraunhofer Institute for Communication, Information Processing and Ergonomics during his investigations.
Almost a third of the routers have a version that has not been updated for nine years.
Nine years is an incredibly long time in the digital world. There is no reason to run routers with such old and therefore insecure software. Most manufacturers work with Linux, a free open source system. Linux itself is always up to date. Why don’t the companies use it? Weidenbach suspects this:
Somebody has to compile the security updates, so to speak. They have to be tested to make sure that no other function of the router is no longer running. That costs money.
The problem is the router manufacturers, Weidenbach continues, because they are not liable if the router is “hijacked” by some third party – nothing happens to the router manufacturer. Researchers therefore demand binding security guidelines. Users can also do something themselves by not having just any router sent to them, but by deciding for themselves which one they use.
Our research has shown that AVM, for example, has done significantly better than other manufacturers in many areas that we looked at.
After all, AVM makes an update once a year
This is also completely insufficient, but it is still better than a nine-year-old system. In fact, weekly updates would be necessary, which would be carried out automatically without the user having to be active. That would be ideal, but it would not happen.
What you need to know: The vulnerabilities only affect data you send out, or hard drives that are connected directly to the router. The computer itself, even hard disks that are directly connected to the computer, are actually safe, as long as the computer is protected by (up-to-date) antivirus software and a firewall.