Germany Proposes Router Security Guidelines

The German government has prosed guidelines to increase router security including what kind of routers are sold and installed across the country

• By Sydny Shepard
• Nov 27, 2018

The German government has published an initial draft of rules on securing Small Office and Home office (SOHO) routers. The draft, published by the German Federal Office for Information Security (BSI), was put together with input from router vendors, German telecoms, and the German hardware community. 

One approved, router manufacturers don't have to abide by these requirements, but if they do, they can use a special sticker on their products showing compliance.

The 22-page document lists several recommendations and rules for various router functions and features including the following rules: 

• If the router has a guest WiFi mode, this mode must not allow access to the routers configuration panel
• WiFi passwords should have a length of 20 digits or more
• WiFi passwords must not contain information derived from the router itself (vendor model, MAC, etc.)
• The router must allow an authenticated user to change its password
• In its default state, access to the admin panel must only be allowed via LAN or WiFi interfaces
• The router admin panel must show the firmware version
• The router must warn users about an out-of-data or end-of-life firmware

These are just a few of the BSI recommendations, see more in the above linked-document.

Germany is taking steps to standardize router security following an incident that took place at the end of 2016. A British hacker known as "BestBuy" attempted to hack Deutsche Telekom routers, but bungled the firmware update and crashed nearly a million routers across Germany.