[pyre]

Most of these devices are insecure not because the attackers are hyper-sophisticated, but because the software is rushed and a second-thought to the hardware. There is no one (in power) at these companies that cares about crafting quality software. They just care about crafting the bare minimum to make their devices work.

I wager that "security" is something fairly far from their mind when they craft this software, which I consider especially negligent for any company that is dealing in networked devices.

[kelnos]

It's even worse: most of these companies don't even write the software for the low end consumer hardware. They just license it from a third party, usually in Asia, and pay them to turn features on or off and skin the UI for their branding.

It's no surprise that routers from competing manufacturers are vulnerable, since it's all the same under the hood. The companies that sell the finished product have zero insight into how secure the software is.

[beojan]

But there's open source software for this. Why don't they just use that?

[pyre]

There is no one to point the finger at (i.e. blame) when something goes wrong.

[rock_hard]

It would probably be best to let the market regulate by itself but the issue here might be that it’s not visible to users that their router is infected.

[jeremyjh]

That is right. This malware is an externality. Externalities typically need to be mitigated through regulation.

[pbhjpbhj]

My router has the password saved in the page source ...