Hackers infect 500,000 consumer routers

Author
mettelus
Max Output Level: -23 dBFS
  • Total Posts : 5249
  • Joined: 2005/08/05 03:19:25
  • Location: Maryland, USA
  • Status: offline
2018/05/24 03:31:31 (permalink)

Hackers infect 500,000 consumer routers

This article just hit the news today, and I didn't see mention of it yet here in the forums. If you own any of the following routers:
  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN
please read up on https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/ or Google "Hackers infect 500,000 consumer routers" to find more information. Apparently this has been going on for a long time and was monitored, but was just made public today.  

ASUS ROG Maximus X Hero (Wi-Fi AC), i7-8700k, 16GB RAM, GTX-1070Ti, Win 10 Pro, Saffire PRO 24 DSP, A-300 PRO, plus numerous gadgets and gizmos that make or manipulate sound in some way.
#1

9 Replies Related Threads

    TheMaartian
    Max Output Level: -48 dBFS
    • Total Posts : 2749
    • Joined: 2015/05/21 18:30:52
    • Location: Flagstaff, AZ
    • Status: offline
    Re: Hackers infect 500,000 consumer routers 2018/05/24 15:00:52 (permalink)
    I have a Netgear C7000 (the cable-modem version). Need to do some follow-up! Thanks for the tip. Scary article.

    Intel i7 3.4GHz, 16 GB RAM, 2 TB HD Win10 Home 64-bit Tascam US-16x08
    Studio One 4 Pro NotionMelodyne 4 Studio Acoustica 7 Guitar Pro 7
    PreSonus FaderPort Nektar P6 M-Audio BX8 D2 Beyerdynamic DT 880 Pro
    NI K9U XLN AK, AD2 AAS VS-2, GS-2, VA-2, EP-4, CP-2, OD Toontrack SD3, EZK
    #2
    abacab
    Max Output Level: -32.5 dBFS
    • Total Posts : 4282
    • Joined: 2014/12/31 19:34:07
    • Status: offline
    Re: Hackers infect 500,000 consumer routers 2018/05/25 01:26:32 (permalink)
    If you have a Netgear router, they advise running the latest firmware for your device, disabling remote management, and changing your SSID and WiFi passphrase from the default.  https://community.netgear.com/t5/General-WiFi-Routers/Security-Advisory-for-VPNFilter-Malware-on-Some-Routers/m-p/1576170
     
    And it wouldn't hurt to reboot the router.
     
    As always, it is good practice to follow this advice:

    NETGEAR is aware of the security vulnerability that can in very limited instances allow remote access to a router or modem router, including password recovery and command execution. This vulnerability occurs when an attacker has access to the internal network or when a user has turned on remote management on the router or modem router.
    Remote management is turned off by default, so a user must have affirmatively turned on remote management through advanced settings for the router or modem router to be vulnerable in this manner.

     

    DAW: Cakewalk by Bandlab; Sonar Platinum, and others ...  Other: AIR AIEP; Akai VIP; BIAB; Fathom; Ignite; iZotope Iris 2; Miroslav; Notion; Overture; SampleTank 3; SynthMaster; Syntronik; Waves  OS: Win10 Pro x64 1709  System: Homebuilt Asus; i3 3.4Ghz; 8GB DDR3; Intel HD Graphics; Dual Monitors; Samsung EVO 850 SSD, 250GB; PCIe FireWire  Audio: M-Audio FW-410  Controllers: A-300PRO; Alesis VX49; CME Xkey  Hardware: Roland JV880; JV1080; XP-30; Alesis QS-6; Casio CZ-1000; Fender P-Bass

    #3
    TheMaartian
    Max Output Level: -48 dBFS
    • Total Posts : 2749
    • Joined: 2015/05/21 18:30:52
    • Location: Flagstaff, AZ
    • Status: offline
    Re: Hackers infect 500,000 consumer routers 2018/05/25 14:32:57 (permalink)
    I'm still wondering if the cable modem on the front end of the C7000 limits/eliminates its vulnerability.

    Intel i7 3.4GHz, 16 GB RAM, 2 TB HD Win10 Home 64-bit Tascam US-16x08
    Studio One 4 Pro NotionMelodyne 4 Studio Acoustica 7 Guitar Pro 7
    PreSonus FaderPort Nektar P6 M-Audio BX8 D2 Beyerdynamic DT 880 Pro
    NI K9U XLN AK, AD2 AAS VS-2, GS-2, VA-2, EP-4, CP-2, OD Toontrack SD3, EZK
    #4
    abacab
    Max Output Level: -32.5 dBFS
    • Total Posts : 4282
    • Joined: 2014/12/31 19:34:07
    • Status: offline
    Re: Hackers infect 500,000 consumer routers 2018/05/25 18:52:02 (permalink)
    TheMaartian
    I'm still wondering if the cable modem on the front end of the C7000 limits/eliminates its vulnerability.




    That probably depends on how your ISP set up the modem, the brand, and if it provides any sort of firewall or network address translation.  It probably does have remote management enabled, so that their tech support can reset or run diagnostics on your connection if necessary.
     
    Probably still best to lock your router down anyway following the best practices.  At least the bad guys should have a harder time getting into your router box and your private address space that way.  That way if the modem ever got compromised, only your unencrypted network traffic on the public side of the router would be at risk.   There are options such as VPNs that could ensure everything that goes out is encrypted, but at least you should already be using HTTPS, wherever possible these days anyway.

    DAW: Cakewalk by Bandlab; Sonar Platinum, and others ...  Other: AIR AIEP; Akai VIP; BIAB; Fathom; Ignite; iZotope Iris 2; Miroslav; Notion; Overture; SampleTank 3; SynthMaster; Syntronik; Waves  OS: Win10 Pro x64 1709  System: Homebuilt Asus; i3 3.4Ghz; 8GB DDR3; Intel HD Graphics; Dual Monitors; Samsung EVO 850 SSD, 250GB; PCIe FireWire  Audio: M-Audio FW-410  Controllers: A-300PRO; Alesis VX49; CME Xkey  Hardware: Roland JV880; JV1080; XP-30; Alesis QS-6; Casio CZ-1000; Fender P-Bass

    #5
    TheMaartian
    Max Output Level: -48 dBFS
    • Total Posts : 2749
    • Joined: 2015/05/21 18:30:52
    • Location: Flagstaff, AZ
    • Status: offline
    Re: Hackers infect 500,000 consumer routers 2018/05/25 22:37:53 (permalink)
    abacab
    TheMaartian
    I'm still wondering if the cable modem on the front end of the C7000 limits/eliminates its vulnerability.




    That probably depends on how your ISP set up the modem, the brand, and if it provides any sort of firewall or network address translation.  It probably does have remote management enabled, so that their tech support can reset or run diagnostics on your connection if necessary.
     
    Probably still best to lock your router down anyway following the best practices.  At least the bad guys should have a harder time getting into your router box and your private address space that way.  That way if the modem ever got compromised, only your unencrypted network traffic on the public side of the router would be at risk.   There are options such as VPNs that could ensure everything that goes out is encrypted, but at least you should already be using HTTPS, wherever possible these days anyway.


    Yup. I am putting two websites up, and the HTTPS certificate is $149/year each. Oh, well.
     
    The Netgear C7000 is basically the R7000 with a cable modem front-end. I bought, installed and set it up myself. I just provided Suddenlink with the MAC address and had them authorize it. I'll check the remote management setting and verify that it's OFF.

    Intel i7 3.4GHz, 16 GB RAM, 2 TB HD Win10 Home 64-bit Tascam US-16x08
    Studio One 4 Pro NotionMelodyne 4 Studio Acoustica 7 Guitar Pro 7
    PreSonus FaderPort Nektar P6 M-Audio BX8 D2 Beyerdynamic DT 880 Pro
    NI K9U XLN AK, AD2 AAS VS-2, GS-2, VA-2, EP-4, CP-2, OD Toontrack SD3, EZK
    #6
    EddieLotter
    Max Output Level: -89 dBFS
    • Total Posts : 96
    • Joined: 2012/01/05 20:08:18
    • Location: West Hollywood, CA
    • Status: offline
    Re: Hackers infect 500,000 consumer routers 2018/05/26 18:33:26 (permalink)
    TheMaartianI am putting two websites up, and the HTTPS certificate is $149/year each. Oh, well.

     
    You might be interested in Let's Encrypt.
    I haven't tried using them myself yet, but I intend to.

    Cheers
    Eddie
    #7
    TheMaartian
    Max Output Level: -48 dBFS
    • Total Posts : 2749
    • Joined: 2015/05/21 18:30:52
    • Location: Flagstaff, AZ
    • Status: offline
    Re: Hackers infect 500,000 consumer routers 2018/05/26 21:08:48 (permalink)
    EddieLotter
    TheMaartianI am putting two websites up, and the HTTPS certificate is $149/year each. Oh, well.

     
    You might be interested in Let's Encrypt.
    I haven't tried using them myself yet, but I intend to.


    VERY cool! Thanks!

    Intel i7 3.4GHz, 16 GB RAM, 2 TB HD Win10 Home 64-bit Tascam US-16x08
    Studio One 4 Pro NotionMelodyne 4 Studio Acoustica 7 Guitar Pro 7
    PreSonus FaderPort Nektar P6 M-Audio BX8 D2 Beyerdynamic DT 880 Pro
    NI K9U XLN AK, AD2 AAS VS-2, GS-2, VA-2, EP-4, CP-2, OD Toontrack SD3, EZK
    #8
    Jesse G
    Max Output Level: -33 dBFS
    • Total Posts : 4220
    • Joined: 2004/04/14 01:43:43
    • Status: offline
    Re: Hackers infect 500,000 consumer routers 2018/05/31 00:42:05 (permalink)
    What does Verizon use? that's what I have.

    Peace,
    Jesse G. A fisher of men  <><
    ==============================
    Cakewalk and I are going places together!

    Cakewalk By Bandlab, Windows 10 Pro- 64 bit, Gigabyte GA-Z97X-SLI, Intel Core i5-4460 Haswell Processor, Crucial Ballistix 32 GB Ram, PNY GeForce GTX 750, Roland Octa-Capture, Mackie Big Knob, Mackie Universal Controller (MCU), KRK V4's, KRK Rockit 6, Korg TR-61 Workstation, M-Audio Code 49 MIDI keyboard controller.[/
    #9
    drewfx1
    Max Output Level: -9.5 dBFS
    • Total Posts : 6585
    • Joined: 2008/08/04 16:19:11
    • Status: offline
    Re: Hackers infect 500,000 consumer routers 2018/05/31 16:55:13 (permalink)
    Jesse G
    What does Verizon use? that's what I have.




    My Verizon is an Actiontec, which Actiontec says it is not affected.
     
    However the advice about resetting default passwords and disabling remote administration (unless absolutely, positively 1000% necessary) are no-brainers for any internet connected devices (including ones behind a secure firewall)

     In order, then, to discover the limit of deepest tones, it is necessary not only to produce very violent agitations in the air but to give these the form of simple pendular vibrations. - Hermann von Helmholtz, predicting the role of the electric bassist in 1877.
    #10
    Jump to:
    © 2018 APG vNext Commercial Version 5.1