Is DD-WRT Secure?
Lately I have been reading more about router security. While I suspected the original firmware on my Asus router to be phoning home, during the past few years several security flaws have been discovered with Asus routers. Enough to provoke concern that security is not a serious priority with Asus engineers. This is more or less the case with all consumer grade routers. Vendors are interested only in the first sale and not in security patching. There is little to no money with follow-up support.
I installed DD-WRT on the Asus router. While DD-WRT provided me the features I wanted and a warmer fuzzier feeling than the Asus firmware, I admit that I am naive and ignorant about DD-WRT security.
I have been using DD-WRT for about 10 years. Throughout all of those years, like a gray cloud following me, I have pondered a simple question. Is DD-WRT secure?
I have no idea. No clue. Has any kind of security audit ever been performed on DD-WRT? How many security related bug reports remain open?
DD-WRT is actively developed. New beta releases are available weekly or thereabouts. A significant caveat is the developers refusal to issue stable releases. I could be mistaken but I think the last official stable release was in 2008. I am guessing the simple reason for the lack of stable releases is without a stable release no tech support is required as well as avoiding possible legal actions.
One advantage of DD-WRT is the project is well documented. Perhaps too much for ordinary users to sift through. DD-WRT is well supported by enthusiasts and hobbyists. Being open source means the software probably is more secure than any off the shelf firmware, but does anybody really know? I have no idea.
Where does a concerned person go next? The general advice among security professionals is avoid consumer grade routers. Buy enterprise routers. Obvious to anybody who spends a few minutes searching the topic is the cost of an enterprise router is beyond the budget of most non enterprise users.
A dose of paranoia in certain areas of life is healthy. Computer security is one of those areas. Each day there are reports and stories of various computer security issues. No single person really has a chance to survive. The solution then is provide the best security possible. Consumer grade routers fail miserably at that goal. Possibly open source solutions such as DD-WRT fare no better.
I have no idea.