Uncovering Hidden Risks in IoT devices: A Post-Pandemic National Study of SOHO Wi-Fi Router Security

This study thoroughly analyzes the cybersecurity status of Small Office/Home Office (SOHO) Wi-Fi routers. These routers are crucial but frequently overlooked elements in network infrastructure, particularly in light of the impact of the COVID-19 pandemic on network security. The pandemic has led to shifts in network usage patterns, blurring traditional security perimeters and extending them into private residences, creating additional points of vulnerability in urban environments. Our nationwide research evaluated an extensive dataset of router brands and models currently used at scale. We measured the prevalence of known vulnerabilities, assessed the currency of userspace and kernel software versions, and compared the security robustness of proprietary firmware against open-source alternatives. Our findings reveal a concerning landscape of widespread vulnerabilities and outdated software components, posing latent risks to end-users. The results indicate a predominance of Linux on MIPS and ARM architectures, with an average delay of 5 to 10 years between the release of the kernel and the implementation of the most recent firmware versions. As a result, we observed an average of 1344 and 72 vulnerabilities in the kernel and applications. One significant discovery from our research is that replacing the manufacturer's original firmware with open-source alternatives, such as DD-WRT, OpenWrt, and Tomato, can substantially enhance the security of the software stack. This enhancement results in improvements of up to 97% in the case of binaries and 98.42% in the kernel. Our research helps increase cybersecurity awareness by pinpointing critical home network environment weaknesses and alerting the need for more rigorous security practices in producing and maintaining SOHO routers. This investigation also allowed the report of a new remote code execution vulnerability (disclosed in CVE-2022-46552). (AU)