tldr: it’s the software. Routers are notoriously insecure.
Like the LCD TV suggestion I once gave, my info is probably out of date.
Consumer routers are notoriously insecure. Back when I used a Linksys WRT54G, I flashed it with DD-WRT (community-created firmware) because it offered better security and stability.
My brother recently got an Asus router off Craigslist. Funny enough, it came flashed with community-created firmware. In the copious release notes, this stuck out (because my brother complained that his Brother Laser Printer was no longer a member of the network):
WARNING: FEATURES NO LONGER AVAILABLE:
- WPS/WSC (completely disabled due to the serious security hole).
Yet so many consumer routers continue to ship with glaring security holes. Not just as in “convenience features” like the one above (the one-button WiFi setup is notoriously insecure), but many unpatched security holes. It’s easy to blame it on laziness, but partly the reason is the economics of the market. The routers compete in a race to the bottom for cramming in more features at a lower price point. Do you really think the 7-antenna monstrosities really work better, or is it just a tacky “more antennas looks better - and we can artificially jack up the price” ploy?
Software engineers in Silicon Valley are already very well paid. Hardware engineers, by virtue of being rarer, often requiring a lot of low-level knowledge, and being tasked with far more constraints, cost even more. As we on the forum all personally know, good firmware is very design-intensive and very time-consuming to develop, so it’s very expensive to do correctly. How would Asus do it right when they ship no fewer than 12 different lines of routers at the same time, across at least 3 different hardware platforms?
Now these routers tack on all these extra features: hard drive support and NAS-like features, media sharing, some hook you up to cloud services, some throw in a VPN. The list goes on and on. They can barely have routers without vulnerabilities - so how can they pile on that much more without serious exposure surface?
I trust the Time Capsule more than other consumer routers, because, well, Apple is different. They write their own firmware, write their own operating system (time and again), and are very familiar with that territory. Their ability to compete lies in having deep knowledge of those areas, and their reputation depends on strong security. Not “most features for the dollar, let’s hope nobody uncovers the vulnerabilities, and if they do, pay them hush money”.
Apple shows good judgement in intentionally omitting “features” which are broken by design, like the 6-digit codes required by that one-button WiFi setup. What a serious joke! So you won’t find a button for that. If Apple has to support it (because maybe your printer manufacturer really sucks and that’s the only way to put your printer on the network) then they hide that so it isn’t the first place you go.
They wrote their own app just to make configuring the AirPort Extreme and Time Capsule easier. That app does a lot more than meets the eye. It is a non-trivial issue to detect a new Base Station and make it a partner in your existing network.
They sweat the details when it comes to software. Well, they used to. They still get things mostly right, but back in 2014 when your Time Capsule was made - oh yeah, they got things right.
Security with consumer routers is so bad, I use an ancient Cisco router which is very slow compared to the Gigabit network that it’s on. But I don’t care because my internet connection is 25 Mbit anyway. The router is so old it doesn’t have the embedded Java app that the newer Cisco small business routers come with - which, no surprise, is chock full of security holes.
Security is very, very important.