Build Safety of Software in 28 Popular Home Routers by Cyber-ITL


"The haphazard security practices in IoT devices put their overall security stance well below that of desktop operating systems. From our research this is one of the reasons why botnet operators and other malicious actors are moving to IoT exploitation - the devices are numerous and largely insecure. This brief survey of one small corner of the IoT ecosystem shows why this trend is likely to continue unless vendors become more responsible in basic software security and hygiene practices.
This poor showing for home routers highlights the need for the basic testing measures prior to shipping a product. It is not difficult to check if the stack is marked non-executable, but doing simple safety checks of that nature does not appear to currently be a standard industry practice. It is not sufficient to assume that software compiled in a secure configuration - a post-compile check of the resultant binaries should be a standard step before release. Otherwise, surprises like the ones seen here are inevitable.
If vendors applied basic checks for software safety practices as part of their build and testing practices prior to shipping their products, the industry could quickly see a noticeable improvement in product build safety."
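A post-compile check of the kind the quote calls for, as an added example that is not code from Cyber-ITL or from the report: it reads the ELF program headers of each built binary and fails the release if the PT_GNU_STACK entry is executable or absent. The function names, the binary names in the demo and the sample images are constructed for illustration.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header that records the stack's permissions
PF_X = 0x1                 # execute bit in p_flags

def stack_status(data: bytes) -> str:
    """Classify an ELF image as 'nx', 'executable' or 'missing' (no PT_GNU_STACK)."""
    if len(data) < 52 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not a valid ELF image")
    is64 = data[4] == 2                 # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"  # EI_DATA: big-endian targets (e.g. MIPS) parse too
    if is64:
        phoff, = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        phoff, = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    flags_off = 4 if is64 else 24       # p_flags moved between Elf32_Phdr and Elf64_Phdr
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + flags_off + 4 > len(data):
            raise ValueError("truncated program header table")
        p_type, = struct.unpack_from(end + "I", data, off)
        if p_type == PT_GNU_STACK:
            p_flags, = struct.unpack_from(end + "I", data, off + flags_off)
            return "executable" if p_flags & PF_X else "nx"
    return "missing"

def release_gate(images: dict) -> list:
    """Names of binaries that fail the gate. 'missing' fails as well, because
    without PT_GNU_STACK the kernel's architecture default decides."""
    return sorted(name for name, blob in images.items() if stack_status(blob) != "nx")

def sample_elf32_be(stack_flags):
    """Constructed input: minimal big-endian ELF32 with an optional PT_GNU_STACK entry."""
    phdrs = [struct.pack(">8I", 1, 0, 0, 0, 0, 0, 5, 0x1000)]  # PT_LOAD, R+X
    if stack_flags is not None:
        phdrs.append(struct.pack(">8I", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 16))
    ehdr = b"\x7fELF" + bytes([1, 2, 1]) + bytes(9)
    ehdr += struct.pack(">HHIIIIIHHHHHH", 2, 8, 1, 0, 52, 0, 0, 52, 32, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(phdrs)

if __name__ == "__main__":
    build = {"httpd": sample_elf32_be(7),      # RWX stack
             "busybox": sample_elf32_be(6),    # RW stack
             "upnpd": sample_elf32_be(None)}   # header absent
    print("failing binaries:", release_gate(build))
```

In a build pipeline the dictionary would be filled from the files extracted from the firmware image, and a non-empty result would stop the release.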


Further Read - Link

