Code Reuse Gone Wild

Ever wonder why vulnerabilities in router firmware are shared by so many models and firmware versions? Well, the answer is simple: code reuse. Different vendors may be making different hardware, but much of the software that underlies the operation of the device is the same. Software has always been the red-headed stepchild of device manufacturing, and cheapest is typically viewed as better.

That’s why we find so many devices running Linux under the covers. Linux, of course, is not just an operating system, but drags along with it lots of associated software. You want to build a router that’s capable of also managing a USB-connected hard drive? Sure, no problem, Linux has a solution for how you can do that.

Of course, when there’s a problem in one of the pieces of Linux that you include in your router, you have a potential vulnerability. And every product that uses that piece will have the same issue. That’s how open source code works.

But what about proprietary code? You’d think that different vendors couldn’t possibly be using the same proprietary software. But you’d be wrong. Drivers for router components are routinely shared among different vendors. And even higher-level code is shared too. Sometimes router vendors will outsource their software development to third-party developers, who will turn around and use the code on other projects. You can read more about it here.