Stories
Slash Boxes
Comments

SoylentNews is people

Netgear Exploit Found in 31 Models Lets Hackers Add Your Router to a Botnet

posted by CoolHand on Wednesday February 01 2017, @08:43AM   Printer-friendly
from the fun-with-botnets dept.

Fnord666 writes:

You might want to upgrade the firmware of your router if it happens to sport the Netgear brand. Researchers have discovered a severe security hole that potentially puts hundreds of thousands of Netgear devices at risk.

Disclosed by cybersecurity firm Trustwave, the vulnerability essentially allows attackers to exploit the router's password recovery system to bypass authentication and hijack admin credentials, giving them full access to the device and its settings. What is particularly alarming is that the bug affects at least 31 different Netgear models, with the total magnitude of the vulnerability potentially leaving over a million users open to attacks.

Even more unsettling is the fact that affected devices could in certain cases be breached remotely. As Trustwave researcher Simon Kenin explains, any router that has the remote management option switched on is ultimately vulnerable to hacks. While the remote management feature is disabled by default in most devices, the firm has found more than 10 thousand affected routers, but the actual number could be "over a million."

Original Submission

 
This discussion has been archived. No new comments can be posted.
Netgear Exploit Found in 31 Models Lets Hackers Add Your Router to a Botnet | Log In/Create an Account | Top | 12 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Insightful) by anubi on Wednesday February 01 2017, @09:54AM

    by anubi (2828) on Wednesday February 01 2017, @09:54AM (#461603) Journal

    As Trustwave researcher Simon Kenin explains, any router that has the remote management option switched on is ultimately vulnerable to hacks.

    I would venture to say that *anything* remotely managed is vulnerable to attacks.

    Whether done by cyber means, or psychological manipulation of a trusted ( but obedient ) person.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Wednesday February 01 2017, @11:05AM

    by Anonymous Coward on Wednesday February 01 2017, @11:05AM (#461614)

    Whether done by cyber means

    If you cyber with a router, you like technology too much.

  • (Score: 2) by JoeMerchant on Wednesday February 01 2017, @01:38PM

    by JoeMerchant (3937) on Wednesday February 01 2017, @01:38PM (#461637)

    Obedience is ubiquitous.

    http://www.simplypsychology.org/milgram.html [simplypsychology.org]

    --
    🌻🌻 [google.com]

    • (Score: 0, Flamebait) by Anonymous Coward on Wednesday February 01 2017, @03:06PM

      by Anonymous Coward on Wednesday February 01 2017, @03:06PM (#461660)

      Not everyone in that experiment even obeyed. But that's the least of the problems with that garbage; it's from the social sciences.

      • (Score: 0) by Anonymous Coward on Thursday February 02 2017, @04:02PM

        by Anonymous Coward on Thursday February 02 2017, @04:02PM (#461998)

        When participants could instruct an assistant (confederate) to press the switches, 92.5% shocked to the maximum 450 volts.

        Not 100% but maybe good enough for government work [time.com]?