This unpatchable hell is a problem with many fathers, from recalcitrant vendors to customers wary of -- or hostile to -- change. But with the number and diversity of connected endpoints expected to skyrocket in the next decade, radical measures are fast becoming necessary to ensure that today's "smart" devices and embedded systems don't haunt us for years down the line.This is a real problem. As desktop security has improved over the last decade (and improved it has, despite being spotty at best), the Bad Guys have looked for easier targets. A home router is a natural target, for several reasons:
Trouble close to home
The problem of unsupported or undersupported devices hits close to home for millions of broadband users in the United States and Europe. Broadband routers humming away peacefully in attics and home offices have become the latest targets of sophisticated cyber criminal groups.
A string of incidents in recent months have underscored the vulnerability of this population of loosely managed and configured devices. In March, the security consultancy Team Cymru warned that hackers had compromised some 300,000 small- and home-office broadband routers made by firms D-Link, Micronet, Tenda, and TP-Link, among others.
- There is typically very little (or no) effort put into security by the manufacturer. Security work costs money, and that raises the price in a market where profit margins are wafer thin,
- ISPs are notorious for having terrible technical support, because good tech support costs money and a support call can easily burn through an entire month's revenue from that customer. Support personnel who understand security raise this cost, and very possibly increase the number of calls.
- "If it's working don't screw with it" is everyone's preferred approach - the manufacturer, the ISP, and the subscriber.
So what do you do? Probably the only thing that you can do is to assume that the Internet router is already compromised. Get your own router and put it between your home network and the router your ISP sent you. Disable WiFi in the ISP router, and use your own. Run an Open Source OS on the router (these projects will almost always be more responsive to security issues than the manufacturers).
Oh, and read this post from way back.