Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Is proprietary more secure than open source? Vulnerability analysis of embedded router firmwares

April 2017 by Marc Jacob

Sirin Software specialises and has successfully completed the number of projects in field of embedded systems, where cyber security is an extremely important issue for nowadays trending IoT, Big Data and Cloud solutions development.

Sirin Software in partnership with Tactical Network Solutions made a sensibility research of embedded router firmwares, so the following analysis shows the level of security tested by cloud based firmware analyzer tool of the most popular routers.

Number of routers in our houses and offices

There are a lot of routers in our homes and offices. Regarding latest report of statista.com, the total number of internet users as of end of 2016 is 3,5 billions. If we make an assumption that there are approximately 4 users behind each router, we get the number 850 millions of routers in use. Of course this is very rough calculations and finally nobody knows how many routers exactly in use in the world.

Why open source?

First of all, open source software is free. It is free not only to use, but to investigate too. There are some companies that offer security audition of the source code. One can purchase one-time audition of existing firmware to make sure of using free of backdoors solution. There is no direct/easy way to investigate proprietary solutions. You should fully trust your vendor or seek justice in a court after data leakage. However, there is a legal disclaimer in the terms of use from the most routers’ suppliers. In fact, there is tricky way to examine the firmware: search by binary patterns - exactly what Centrifuge do. Centrifuge is a cloud based firmware analyzer tool developed by Tactical Network Solutions (maybe a link). It uses heuristic analysis to guess library versions, to count possible buffer overflows and potentially dangerous functions in already compiled code.

Security importance

Theoretically botnet made even of 1% of this number of routers can easily produce a 9 Tbps attack, which will be the largest DDoS attack ever and can cause denial of service of almost any existing service. From other side our personal privacy is the most important thing we should care of.

Direct security comparison using Centrifuge tool

Technically most of the commercial and open-source firmwares are unix-based and use some custom build on top of Linux or FreeBSD kernel. Most of the linux based firmwares using the same technology stack and similar software bundles. However they are totally different in kernel and software versions.

Engineers of Sirin Software reviewed few proprietary firmwares of different suppliers in a comparative way. Because of closed source of proprietary firmware it’s impossible to compare them by code audition. But we can compare them using Centrifuge binary firmware analyzer by number of vulnerabilities in the whole firmware, by number of outdated and compromised libraries and so on. The latest firmware bundles were downloaded from the most popular vendors and analyzed by Centrifuge.We need to mention that firmwares also differ by size, so to cover this issue and to be more precise and we are using relative measures to reflect actual level of security. The final results of analysis are presented in table below.

Conclusions

There is no any common certification organisation that can assess and classify routers by security level. That is why even buying router from respectful supplier you cannot be sure that it is safe and secure. It is well known that security by hiding the implementation is the worst approach. It would be nice if all manufactures provide at least meta-information such as versions of used libraries and kernel, list of fixed security holes or something like that. Alternatively people can use tools like Centrifuge to analyze the actual level of security.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts