Networking Companies’ Security Protocols Haven’t Improved in 15 Years: Study

5 years ago

Security protocols for networking companies haven’t improved in fifteen years, reads a new study.

The Security Ledger reported that the Cyber Independent Testing Lab (CITL), a non-profit organization that conducts independent tests of software security, examined 6,000 firmware images totalling nearly 3 billion binaries released between 2003 and 2018.

These publicly available firmware images were gathered from Asus, Linksys, Netgear, and other popular networking companies to help CITL figure out if these vendors have improved their approach to securing the firmware of their devices over the 15 years it examined.

CITL found little sign of improvement.

“Nobody is trying,” said Sarah Zatko, the Chief Scientist at the CITL. “We found no consistency in a vendor or product line doing better or showing improvement. There was no evidence that anybody is making a concerted effort to address the safety hygiene of their products.”

Numerous companies reportedly failed to implement basic security features despite growing awareness of the issues they resolved and increasing numbers of attacks on networking devices.

Zatko told The Security Ledger that several of the features missing from the examined networking firmware — stack guards and buffer overflow protection — are “the seatbelts and airbags of the software world.” Lacking those basic protections, she said, puts the firmware years behind operating systems and web browsers in terms of defending against the attacks those safeguards are supposed to stop.

“Stack guards and buffer overflow protection are the canaries in the coal mine,” she said. The absence of even basic protections suggests that the tested firmware may contain more serious vulnerabilities and that firmware security is years behind the security of applications like Google Chrome and Firefox.

“These are the seatbelts and airbags of the software world. These numbers are unheard of in operating systems or (Web) browsers. It’s just a sign that they’re not trying,” Zatko concluded.

Read the entire report on the current state of security with network companies here.

P.S. Help support us and independent media here: Buy us a beer, Buy us a coffee, or use our Amazon link to shop.

Other articles in the category: News

Air Canada Launches Live NHL Playoffs with Sportsnet, TVA Sports

Air Canada has announced the expansion of its in-flight entertainment offerings with the introduction of three new Live TV sports channels from Rogers-owned Sportsnet and Quebecor’s TVA Sports. The addition of Sportsnet ONE and Sportsnet East is available today on select flights, coinciding with the kickoff of the Stanley Cup Playoffs. TVA Sports will join...

John Quintet

51 mins ago

Netflix Q1 2024: $9.37 Billion in Revenue, Subscribers Up 16%

Netflix on Thursday reported first-quarter earnings, handily beating Wall Street estimates with $9.37 billion in revenue and profits of $2.33 billion

Nehal Malik

3 hours ago

Apple Pulls WhatsApp, Others from China App Store per Govt. Directive

Apple on Friday removed WhatsApp, Threads, Telegram, and Signal from its App Store in China, per orders from the country's government

Nehal Malik

4 hours ago