Linksys WRT32X, the router that scored the highest in the Cyber-ITL security-focused case study.
Many of today's most popular home router models don't take full advantage of the security features that come with the Linux operating system, which many of them use as a basis for their firmware.Security hardening features such as ASLR (Address Space Layout Randomization), DEP (Data Execution Prevention), RELRO (RELocation Read-Only), and stack guards have been found to be missing in a recent security audit of 28 popular home routers.
Security experts from the Cyber Independent Testing Lab (Cyber-ITL) analyzed the firmware of these routers and mapped out the percentage of firmware code that was protected by the four security features listed above.
"The absence of these security features is inexcusable," said Parker Thompson and Sarah Zatko, the two Cyber-ITL researchers behind the study.
"The features discussed in this report are easy to adopt, come with no downsides, and are standard practices in other market segments (such as desktop and mobile software)," the two added.
While some routers had 100 percent coverage for one feature, none implemented all four. Furthermore, researchers also found inconsistencies in applying the four security features within the same brand, with some router models from one vendor rating extremely high, while others had virtually no protection.
According to the research team, of the 28 router firmware images they analyzed, the Linksys WRT32X model scored highest with 100 percent DEP coverage for all firmware binaries, 95 percent RELRO coverage, 82 percent stack guard coverage, but with a lowly 4 percent ASLR protection...
Read more: Most home routers don't take advantage of Linux's improved security features | ZDNet