-4

I recently read an answer on this stackexchange that informed me that, if a person knows my IP, it can try to hack into my router and change the DNS in order to perform a MITM attack.

Now, this is coherent with what I have seen a few times: every day my router records 10-20 attacks that it blocks with its firewall.

However, I am mildly concerned about a thing: almost all operative systems, browsers, softwares I have been in contact with have very frequent security updates, said to be done "in order to fix vulnerabilities". I have never done, or be alerted that I should do, a router firmware update in my life. In particular, all my routers are 4+ years old.

Should I be concerned, or is there a specific reason for which a router doesn't need security updates? (either it performs them automatically, or there are no known vulnerabilities and it is a particularly safe system)

AnalysisStudent0414
  • 103
  • 4
  • 3
    *"Should I be concerned, ...."* - maybe you live on a different planet but on this one [insecure routers](https://www.google.de/search?q=insecure+router) are widely discussed [even in non-technical media](http://www.foxnews.com/tech/2016/08/02/how-outdated-router-firmware-puts-at-risk.html). If your old router never saw updates it is likely broken and maybe already compromised. For further discussions please do your own research first since there are [many questions about router security](https://www.google.com/search?q=site:security.stackexchange.com+router+security) at this site already. – Steffen Ullrich Jun 04 '18 at 10:34

1 Answers1

1

For home or small office/home office routers there are often very few updates to the systems firmware. This could be for a number of reasons, first these systems are not as complex as your typical operating system, making their attack surface smaller. Second there is usually not an automatic update that pops up like your typical operating system telling you that you need to update. Third these companies are out to make a profit, creating updates costs money and will only be done if there are very large and very important security holes to patch. It is still good to check for updates but maybe on a quarterly basis, but recently there was a notice put out by the FBI to reboot your routers as they just took over the command and control server for a form of malware that was taking over lots of routers https://www.us-cert.gov/ncas/alerts/TA18-145A

Brian halbach
  • 31
  • 4