Eiram believes that the absence of automatic updates is exactly the reason why embedded devices should have better code maturity and secure configurations from the beginning.
"To most home users, a router is that magical box in the corner, allowing them to go on the Internet," Eiram said. "Many are still struggling to update software on their computers that don't have auto-update features. Asking those users to log in and then configure or update their routers is not realistic."
For those users who do feel knowledgeable enough to configure their own routers, Eiram advises disabling access to the administration interface from the Internet, as that is usually the most commonly vulnerable feature.
"Ensuring other services are not remotely accessible is also a good idea, since we do see vulnerability reports in those as well," he said. "The problem here is that it is sometimes not even clear to users that a service is active and listening remotely. Finally, checking for updates regularly is important and usually possible from within the the web-based management interface."
Sign up for CIO Asia eNewsletters.