Germany draws up a list of rules and recommendations to make routers safer

The German government has drawn up a proposal for rules on the security of routers for use in small offices and homes. The controls are composed by router providers, German telecom providers and the German hardware community.

Once these have been approved, router manufacturers must abide by these rules if they want to sell routers within the German borders. The 22-page document, which can also be read in English via Bund.de, contains dozens of recommendations and rules for the functions and capabilities of routers.

Rules in a row

Below we list some of the most important rules and recommendations:

• Only DNS, http, HTTPS, DHCP, DHCPv6 and ICMPv6 services must be available on the LAN and WiFi interface.
• If a router also has a guest Wi-Fi mode, this mode should not allow access to the mode settings menu.
• The Extended Service Set Identifier (ESSID) must not contain information derived from the router itself (such as the manufacturer’s name or router model).
• The router must support the WPA2 protocol and use it by default.
• Wifi passwords must contain 20 characters or more.
• WiFi passwords must not contain information derived from the router itself (vendor, model, MAC, etc.).
• The procedure for entering the wifi-password should not include a gauge indicating the strength of the password, and users should not be forced to use special characters either.
• The configuration/admin panel password for a router must contain at least eight characters and have a complete setup, including two of the following: uppercase, lowercase, special characters, numbers.
• Routers should allow the user to change the password of the admin panel.
• The passwords must be protected against brute force attacks.
• Routers may not be delivered with undeclared (backdoor) accounts.
• The admin panel of the router should show the version of the firmware.
• Routers should warn users about outdated or unsupported firmware.

The reason why Germany is taking such steps is in a major hack in 2016. Then almost a million routers were cracked in Germany, after a British hacker found out that something had gone wrong with the firmware of routers from Deutsche Telekom.