SRI Security Research Institute, Edith Cowan University, Perth, Western Australia
Network routers are a core component of contemporary SoHo networks. The firmware within these devices provides routing, control and monitoring functionality coupled with mechanisms to ensure a secure and reliable network. End-users are typically reliant on manufacturers to provide timely firmware updates to mitigate known vulnerabilities. An investigation was undertaken to identify the underlying software components used in the firmware of currently available, SoHo network devices used in Australia. Firmware from 37 devices was deconstructed to identify potential security issues; in each instance, the firmware images were found to include vulnerabilities, obsolete software and out-of-date operating system components. 95% of the deconstructed firmware was based on Linux. The Linux kernels identified were typically discontinued and are no longer actively maintained. This paper demonstrates a method for undertaking the analysis and summaries the outcomes of the research.