What You Need to Know About Router Security Flaws

Bugs in routers go unfixed.

It’s possible that you have a router with a security flaw, but it came like that—the flaw is in the software that runs the router and helps it to communicate with your computer and networks.

In its special report, The Wall Street Journal found an interesting example of this. A router company was notified by a security expert that there was a bug (flaw) in one of its programs that “put millions worldwide in danger of being hacked.” But here was the interesting part: The company had fixed that software problem earlier—in fact, 10 years earlier. So what went wrong?

A component maker had included the old software with its “chipset” and had not updated it.

Those chips were distributed to router makers who simply used them in new routers—they reportedly said they didn’t know that newer software (an update) was available.

That one example is typical of the kinds of problems that plague the technology world. Even if a software company finds a problem and releases a software “patch” to fix it—or completely updates the software—that news and that fix may never make it to you.

Fixing bugs has proven to be complicated, especially in the world of routers:

The manufacturer (whether of the hardware or software) has to develop a fix or patch.

Technically, it would have to notify and alert all of their business partners and/or their customers/consumers.

But that’s where the problems begin:

Patches aren’t delivered to those who need them.

Router customers (you may be one of them) are rarely alerted to the problem.

Customers might get a notification, but it could be so technical and confusing that they don’t take the steps they need to take.

Five steps to danger.

You might be one of the unlucky—and unsuspecting—router users caught in this cycle, a victim of the security flaw in a router that never got fixed. And there are hundreds of thousands caught up in the problem:

Manufacturers/suppliers. They create chips or other router components and use software that has built-in security flaws. Of course, they are not aware of that at the time. They may even create a flaw of their own.

Software companies. They might not be aware of a flaw in their programs for a few years. And they may not bother to alert customers if the flaw is in products that are a few years old. They also aren’t required to notify everyone.

The router makers. They could (inadvertently) add in their own flaw or accidentally use a flawed component. In any case, their routers are often sold and are on the market (in the thousands) before anyone knows there is a problem. They too won’t put much energy into worrying about older routers.

You and other home router users. Chances are you will never know that you have a flawed router unless it simply happens not to work. And your Internet Service Provider might not know you have a flawed router, or they’ll fail to pass along to you a software patch to fix it. Even if they did, you and other consumers wouldn’t know what to do.

Hackers. While everyone in the supply chain is fumbling, delivering you a flawed product, and failing to help you fix it, hackers take advantage. They know all about the flaws, they take control of vulnerable routers to steal data that is traveling on the Internet—sometimes even if it is encrypted—and they’ll use hijacked routers to attack and deluge websites with false traffic, shutting them down temporarily.

What to do.

Maybe it’s time to do a little Internet research to see if your router has been in the news as far as security flaws go. Or if your router is three to five years old, perhaps it’s time to get a new one anyway. In any case, do a little homework or talk to someone who knows about networking before you shop.

When it comes to Internet security, you want to make sure your equipment isn’t going to let you down.