
[LUG] Routers was Re: [OT maybe] CVE-2016-5195 vs Amazon FireOS 5.6.2.0

The problem with routers is market failure.

It’s almost impossible to buy a broadband router which has a decent security stance or
updates; it is just that it hasn’t been exploited much.

The recent example would be the “VPNFilter” malware. This is malware that runs on a 
broad selection of SoHo routers that use Busybox on Linux as their OS.

The innocuous name is one chosen by the authors; don’t be fooled, this is almost
certainly written by actors working for Russian Intelligence and is being used
against the Ukraine.

It can be used to target specific traffic, or to DDoS websites, or to brick
vulnerable routers (I suspect bricking is there as a feature mostly to hide their
tracks; why destroy your own bots?).

But it is just a symptom of a bigger problem. These aren’t deep hacks that only an 
intelligence agency could find, indeed some are patched already if you upgraded...

But the manufacturers aren’t fixing issues generally. My TP-Link router was
vulnerable to XSS via DHCP, as per my post on Full Disclosure in 2014(?). They’ve sent
me a beta copy with a fudged fix for the issue; they’ve not yet released it for
other TP-Link users. As far as I know they haven’t fixed the other issues I reported.

But the other security folk tell me their routers and manufacturers aren’t any
better. I think some of the ISP-managed routers are a bit better, but only because
security folk tested them independently and BT and Virgin have buying power. And BT
has abused their access to people’s routers, so I’m not sure I’d recommend that route.

As an end user there is little you can do. Sure, keeping it up to date, changing the
default password and avoiding exposing the admin interface externally will help.

Changing the default IP address is probably a good idea for obscuring the
vulnerabilities, but we are stepping out of the typical end user’s comfort zone (heck,
we lost 90% of average users at login, let alone changing the password), and it’ll only
stop those attackers after the low-hanging fruit.

We take the practical approach at work: we assume the router is compromised and
engineer our use of the Internet to avoid trusting it, but realistically that only
gets you so far. If it is being used to attack others, or if it is being used to
target other devices in your house like a Smart TV (something, say, with a microphone,
cameras, or maybe something you enter your credit card details on...), simply
keeping our work kit clean doesn’t stop all the issues of interest.

As a buyer you can take security and patching into consideration, but once you’ve
bought, it is hard to influence anything.

-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq