Hackers infect 500,000 consumer routers
2018/05/24 03:31:31
mettelus
This article just hit the news today, and I didn't see mention of it yet here in the forums. If you own any of the following routers:
  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN
please read up on https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/ or Google "Hackers infect 500,000 consumer routers" to find more information. Apparently this has been going on for a long time and was monitored, but was just made public today.  
2018/05/24 15:00:52
TheMaartian
I have a Netgear C7000 (the cable-modem version). Need to do some follow-up! Thanks for the tip. Scary article.
2018/05/25 01:26:32
abacab
If you have a Netgear router, they advise running the latest firmware for your device, disabling remote management, and changing your SSID and WiFi passphrase from the default.  https://community.netgear.com/t5/General-WiFi-Routers/Security-Advisory-for-VPNFilter-Malware-on-Some-Routers/m-p/1576170
 
And it wouldn't hurt to reboot the router.
 
As always, it is good practice to follow this advice:

NETGEAR is aware of the security vulnerability that can in very limited instances allow remote access to a router or modem router, including password recovery and command execution. This vulnerability occurs when an attacker has access to the internal network or when a user has turned on remote management on the router or modem router.
Remote management is turned off by default, so a user must have affirmatively turned on remote management through advanced settings for the router or modem router to be vulnerable in this manner.
2018/05/25 14:32:57
TheMaartian
I'm still wondering if the cable modem on the front end of the C7000 limits/eliminates its vulnerability.
2018/05/25 18:52:02
abacab
TheMaartian
I'm still wondering if the cable modem on the front end of the C7000 limits/eliminates its vulnerability.
That probably depends on how your ISP set up the modem, the brand, and if it provides any sort of firewall or network address translation.  It probably does have remote management enabled, so that their tech support can reset or run diagnostics on your connection if necessary.
 
Probably still best to lock your router down anyway following the best practices.  At least the bad guys should have a harder time getting into your router box and your private address space that way.  That way if the modem ever got compromised, only your unencrypted network traffic on the public side of the router would be at risk.   There are options such as VPNs that could ensure everything that goes out is encrypted, but at least you should already be using HTTPS, wherever possible these days anyway.
2018/05/25 22:37:53
TheMaartian
abacab
TheMaartian
I'm still wondering if the cable modem on the front end of the C7000 limits/eliminates its vulnerability.
That probably depends on how your ISP set up the modem, the brand, and if it provides any sort of firewall or network address translation.  It probably does have remote management enabled, so that their tech support can reset or run diagnostics on your connection if necessary.
 
Probably still best to lock your router down anyway following the best practices.  At least the bad guys should have a harder time getting into your router box and your private address space that way.  That way if the modem ever got compromised, only your unencrypted network traffic on the public side of the router would be at risk.   There are options such as VPNs that could ensure everything that goes out is encrypted, but at least you should already be using HTTPS, wherever possible these days anyway.
Yup. I am putting two websites up, and the HTTPS certificate is $149/year each. Oh, well.
 
The Netgear C7000 is basically the R7000 with a cable modem front-end. I bought, installed and set it up myself. I just provided Suddenlink with the MAC address and had them authorize it. I'll check the remote management setting and verify that it's OFF.
2018/05/26 18:33:26
EddieLotter
TheMaartian
I am putting two websites up, and the HTTPS certificate is $149/year each. Oh, well.

You might be interested in Let's Encrypt.
I haven't tried using them myself yet, but I intend to.
2018/05/26 21:08:48
TheMaartian
EddieLotter
TheMaartian
I am putting two websites up, and the HTTPS certificate is $149/year each. Oh, well.

You might be interested in Let's Encrypt.
I haven't tried using them myself yet, but I intend to.
VERY cool! Thanks!
2018/05/31 00:42:05
Jesse G
What does Verizon use? that's what I have.
2018/05/31 16:55:13
drewfx1
Jesse G
What does Verizon use? that's what I have.
My Verizon is an Actiontec, which Actiontec says is not affected.
 
However, the advice about resetting default passwords and disabling remote administration (unless absolutely, positively 1000% necessary) is a no-brainer for any internet-connected device (including ones behind a secure firewall).