{"id":56582,"date":"2020-07-02T09:22:51","date_gmt":"2020-07-02T07:22:51","guid":{"rendered":"https:\/\/www.planet3dnow.de\/cms\/?p=56582"},"modified":"2020-07-02T09:23:31","modified_gmt":"2020-07-02T07:23:31","slug":"sicherheit-bei-vielen-home-routern-mangelhaft","status":"publish","type":"post","link":"https:\/\/www.planet3dnow.de\/cms\/56582-sicherheit-bei-vielen-home-routern-mangelhaft\/","title":{"rendered":"Security of many home routers is inadequate"},"content":{"rendered":"<p>The Fraunhofer Institute for Communication, Information Processing and Ergonomics, <span class=\"caps\">FKIE<\/span>, examined 127 home routers against various criteria in a recent study (\u201c<a href=\"https:\/\/www.fkie.fraunhofer.de\/content\/dam\/fkie\/de\/documents\/HomeRouter\/HomeRouterSecurity_2020_Bericht.pdf\" rel=\"noopener noreferrer\" target=\"_blank\">Home Router Security Report 2020<\/a>\u201d). The focus was on security and reliability. 
Among other things, the firmware image was extracted and the number of known, unfixed vulnerabilities (<span class=\"caps\">CVE<\/span>) was determined from the kernel version in use.<\/p>\n<p><\/p><center><a href=\"https:\/\/www.planet3dnow.de\/cms\/wp-content\/uploads\/2020\/07\/FKIE-router-2020.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.planet3dnow.de\/cms\/wp-content\/uploads\/2020\/07\/FKIE-router-2020.jpg\" alt width=\"693\" height=\"586\" class=\"aligncenter size-full wp-image-56583\" srcset=\"https:\/\/www.planet3dnow.de\/cms\/wp-content\/uploads\/2020\/07\/FKIE-router-2020.jpg 693w, https:\/\/www.planet3dnow.de\/cms\/wp-content\/uploads\/2020\/07\/FKIE-router-2020-300x254.jpg 300w, https:\/\/www.planet3dnow.de\/cms\/wp-content\/uploads\/2020\/07\/FKIE-router-2020-624x528.jpg 624w\" sizes=\"auto, (max-width: 693px) 100vw, 693px\"><\/a><\/center>\n<p>91 percent of the routers examined run a Linux-based operating system. That would actually be a good basis for maximum security, since the Linux kernel is regularly updated and supplied with security updates. However, the manufacturers would of course have to provide firmware updates of their own that actually contain these fixes. 
Unfortunately, many manufacturers skip this step, and then the \u201cLinux\u201d base becomes a trap, because the vulnerabilities are well documented and, if they are not closed, relatively easy for attackers to exploit:<\/p>\n<blockquote><p>Our analysis showed that Linux is the most used <span class=\"caps\">OS<\/span> running on more than 90% of the devices.<br>\nHowever, many routers are powered by very old versions of Linux. Most devices are still powered with a 2.6 Linux kernel, which is no longer maintained for many years. This leads to a high number of critical and high severity CVEs affecting these devices.<br>\nSince Linux is the most used <span class=\"caps\">OS<\/span>, exploit mitigation techniques could be enabled very easily. Anyhow, they are used quite rarely by most vendors except the <span class=\"caps\">NX<\/span> feature.<\/p><\/blockquote>\n<p>The report also criticizes that most manufacturers ship private keys in their images or include hard-coded logins:<\/p>\n<blockquote><p>The bad news is that 50 routers do provide hard-coded credentials. 16 routers have well known or easy crackable credentials. 
The worst device is the Netgear <span class=\"caps\">RAX40<\/span> with the following three well-known credentials:<br>\n\u2014 root:amazon<br>\n\u2014 nobody:password<br>\n\u2014 admin:password<br>\nHowever, we do not know, if you can log on to these accounts remotely.<br>\n<span class=\"caps\">ASUS<\/span> is the only vendor not storing any hard-coded credential in its firmware images.<\/p><\/blockquote>\n<p>In the conclusion, only a few manufacturers come off well based on the findings:<\/p>\n<blockquote><p><span class=\"caps\">AVM<\/span> does better job than the other vendors regarding most aspects. <span class=\"caps\">ASUS<\/span> and Netgear do a better job in some aspects than D-Link, Linksys, TP-Link and Zyxel.<\/p><\/blockquote>\n<p>The full study can be <a href=\"https:\/\/www.fkie.fraunhofer.de\/content\/dam\/fkie\/de\/documents\/HomeRouter\/HomeRouterSecurity_2020_Bericht.pdf\" rel=\"noopener noreferrer\" target=\"_blank\">viewed at the Fraunhofer Institute<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Fraunhofer Institute for Communication, Information Processing and Ergonomics, <span class=\"caps\">FKIE<\/span>, examined 127 home routers against various criteria in a recent study (\u201cHome Router Security Report 2020\u201d). The focus was on security and reliability. 
(\u2026) <a class=\"moretag\" href=\"https:\/\/www.planet3dnow.de\/cms\/56582-sicherheit-bei-vielen-home-routern-mangelhaft\/\">Read more&nbsp;\u00bb<\/a><\/p>\n","protected":false},"author":2,"featured_media":56587,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"ngg_post_thumbnail":0,"footnotes":""},"categories":[12],"tags":[2318,2319,985,2320,149],"class_list":["post-56582","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aktuelles","tag-fkie","tag-fraunhofer-institut","tag-linux","tag-router","tag-sicherheit","entry"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/56582","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/comments?post=56582"}],"version-history":[{"count":6,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/56582\/revisions"}],"predecessor-version":[{"id":56591,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/56582\/revisions\/56591"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/media\/56587"}],"wp:attachment":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/media?parent=56582"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/categories?post=56582"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/tags?post=56582"}],"curies":[{"name":"wp","href":"
https:\/\/api.w.org\/{rel}","templated":true}]}}