Critical vulnerabilities in D-Link routers


Research has revealed serious vulnerabilities in D-Link routers that could pose a major issue.


Recent research has revealed vulnerabilities in D-Link routers that are still unpatched. It shows numerous security weaknesses, the worst case being an attacker gaining total control over a device. Some of the research suggests that D-Link routers have so many vulnerabilities that it is probably better to replace the hardware than to patch it.

One flaw allows attackers to force the router to open up its admin interface to the internet; once on this interface, an attacker can access the system without authentication. The research notes that the vulnerabilities can only be exploited if the attacker has internal access or if remote access is enabled on the router.

Mark James, ESET IT Security Specialist, discusses what this means for D-Link router users.

Is it a good idea to replace, rather than fix, insecure hardware?

“Yes, definitely. Your router’s security is of paramount importance; it’s the main route into each of your devices in your home, or indeed possibly your business computers.

“If that device gets compromised, the consequences could be huge, and if those devices are not being patched quickly and effectively then your only choice is to replace that hardware.

“Choosing the right hardware should take into account its ability to receive updates in a timely manner.”

Would replacing your router, or multiple routers, be expensive?

“Not these days, electronics costs fall almost daily and keeping your hardware up-to-date and secure is not such a hard task.

“Replacing outdated hardware may be the only solution if updates are slow in coming. The costs of replacing hardware are extremely insignificant when it comes to dealing with malware infections or data breaches.”

What can organisations do to mitigate this problem?

“Making sure updates and firmware fixes are released in a timely manner is of utmost importance, as hardware security is as important as, if not more important than, software security.

“It is harder to accomplish, as not only is it hard for manufacturers to make the updates available, but it is even harder still to make all affected users aware of the updates and how to install them.

“It also needs to be fairly effortless for the end user to apply those updates; over-the-air (OTA) updates come with their own security issues, but make it easier for the end user to apply.

“Whichever process they choose to use will have its challenges, but sadly that’s the nature of security, and all too often we choose simplicity over security.”

