Hauke Mehrtens <[email protected]> writes:

> On 12/17/18 1:54 AM, Dave Taht wrote:
>>
>> A pretty deep look at home MIPS and arm routers, and a surprising bug in
>> Linux/MIPS - by mudge and co:
>>
>> https://cyber-itl.org/2018/12/07/a-look-at-home-routers-and-linux-mips.html
>>
>> I have no idea if current openwrt, or what prior releases... are subject to
>> the problems they outline.
>
> In the second paper "Build Safety of Software in 28 Popular Home Router"
> [0] they checked the "security" of multiple popular devices, by checking
> if they activate ASLR, Non stack Exec, Relro and stack guards. The best
> device was the Linksys wrt32x and this is based on OpenWrt with not so
> many modifications. ;-) Just something like Samba downgrade to 3.0.37.
> The paper also wonders why the other Linksys devices like the wrt1900ac
> are much worse, but they probably do not use OpenWrt or a much older
> version. The GPL source code tar.gz of the Linksys wrt32x, begins with
> cloning from https://github.com/openwrt/openwrt.git
>
>
> It is also interesting how different this approach to security checking
> is to what the German BSI published in the "BSI TR-03148: Secure
> Broadband Router:" [1].
> You can build a device which scores 100% in the one and 0% in the other,
> there is no overlap. ;-)

It isn't really something I can put smiley faces about. How many of the 28 can be reflashed with modern openwrt?

>
> Hauke
>
>
> [0]:
> https://cyber-itl.org/assets/papers/2018/build_safety_of_software_in_28_popular_home_routers.pdf
> [1]:
> https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03148/TR03148.pdf?__blob=publicationFile&v=2
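
The four properties named in the quoted message (ASLR support, non-executable stack, RELRO, stack guards) can be read from an ELF binary's headers, for instance on binaries unpacked from a firmware image. The following is an added example, not code from this thread or from the cited paper; `elf_hardening`, `make_sample` and the sample binaries are constructed for illustration, and the stack-guard check is a string heuristic rather than a symbol-table lookup.

```python
import struct

PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
ET_DYN, PF_X = 3, 0x1

def elf_hardening(data: bytes) -> dict:
    """Read the four build-hardening indicators from an ELF image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    en = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little-endian, 2 = big-endian
    e_type, = struct.unpack_from(en + "H", data, 16)
    if is64:
        phoff, = struct.unpack_from(en + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(en + "HH", data, 54)
    else:
        phoff, = struct.unpack_from(en + "I", data, 28)
        phentsize, phnum = struct.unpack_from(en + "HH", data, 42)
    stack_flags, relro = None, False
    for i in range(phnum):
        base = phoff + i * phentsize
        p_type, = struct.unpack_from(en + "I", data, base)
        if p_type == PT_GNU_STACK:           # p_flags offset differs between ELF32 and ELF64
            stack_flags, = struct.unpack_from(en + "I", data, base + (4 if is64 else 24))
        elif p_type == PT_GNU_RELRO:
            relro = True
    return {
        "pie": e_type == ET_DYN,             # position-independent image, needed for full ASLR
        # A missing PT_GNU_STACK header means no non-exec request was made: report False.
        "nx_stack": stack_flags is not None and not stack_flags & PF_X,
        "relro": relro,                      # segment present; does not distinguish full RELRO
        "stack_guard": b"__stack_chk_fail" in data,   # heuristic: symbol name appears in the file
    }

def make_sample(e_type: int, stack_flags: int, relro: bool, guard: bool) -> bytes:
    """Constructed 32-bit big-endian ELF holding only the headers the checker reads."""
    phdrs = [(PT_GNU_STACK, stack_flags)] + ([(PT_GNU_RELRO, 4)] if relro else [])
    ident = b"\x7fELF" + bytes([1, 2, 1]) + bytes(9)
    ehdr = ident + struct.pack(">HHIIIIIHHHHHH", e_type, 8, 1, 0, 52, 0, 0,
                               52, 32, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack(">8I", t, 0, 0, 0, 0, 0, f, 0) for t, f in phdrs)
    return ehdr + body + (b"\0__stack_chk_fail\0" if guard else b"")

hardened = elf_hardening(make_sample(ET_DYN, 0x6, True, True))   # PIE, RW stack, RELRO, guard
legacy = elf_hardening(make_sample(2, 0x7, False, False))        # ET_EXEC, RWX stack, nothing else
```

To check a real binary, pass the file's bytes, e.g. `elf_hardening(open(path, "rb").read())`.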
