Sirin Software in partnership with Tactical Network Solutions made a sensibility research of embedded router firmwares, so the following analysis shows the level of security tested by cloud-based firmware analyzer tool of the most popular routers.
Number of routers in our houses and offices
There are a lot of routers in our homes and offices. Regarding the latest report on statista.com, the total number of internet users as of the end of 2016 is 3,5 billion. If we make an assumption that there are approximately 4 users behind each router, we get the number 850 millions of routers in use. Of course this is very rough calculations and finally, nobody knows how many routers exactly in use in the world.
Why open source?
Theoretically, botnet made even of 1% of this number of routers can easily produce a 9 Tbps attack, which will be the largest DDoS attack ever and can cause the denial of service of almost any existing service. From the other side, our personal privacy is the most important thing we should care for.
Direct security comparison using Centrifuge tool
Technically most of the commercial and Open source firmwares are unix-based and use some custom build on top of Linux or FreeBSD kernel. Most of the linux-based firmwares using the same technology stack and similar software bundles. However, they are totally different in kernel and software versions.
Engineers of Sirin Software reviewed few proprietary firmwares of different suppliers in a comparative way. Because of the closed source of proprietary firmware it’s impossible to compare them by code audition. But we can compare them using the Centrifuge binary firmware analyzer by the number of vulnerabilities in the whole firmware, by number of outdated and compromised libraries and so on. The latest firmware bundles were downloaded from the most popular vendors and analyzed by Centrifuge. We need to mention that firmwares also differ by size, so to cover this issue and to be more precise and we are using relative measures to reflect the actual level of security. The final results of the analysis are presented in the table below.
|Name||Size, MB||Buffer overflow
|Zyxel Keenetic Lite||3.2||155/48.43||13/4.06||168/52.5|
|Zyxel Ultra 2||12.2||388/31.80||43/3.52||431/35.33|
|Openwrt – Tp-link TL-WDR3600||3.4||64/18.82||4/1.18||68/20.00|
OpenWRT firmware is close to Keenetic Lite and DIR-300 by size but you can note how much it differs from them in security perspective.
There is no any common certification organization that can assess and classify routers by security level. That is why even buying the router from the respectful supplier you cannot be sure that it is safe and secure. It is well known that security by hiding the implementation is the worst approach. It would be nice if all manufacturers provide at least meta-information such as versions of used libraries and kernel, list of fixed security holes or something like that. Alternatively, people can use tools like Centrifuge to analyze the actual level of security.
Sirin Software stays up-to-date on the latest research and technology. If you have any questions, our R&D team is always online – contact us!