SoylentNews is people

posted by CoolHand on Wednesday February 01 2017, @08:43AM   Printer-friendly
from the fun-with-botnets dept.

You might want to upgrade the firmware of your router if it happens to sport the Netgear brand. Researchers have discovered a severe security hole that potentially puts hundreds of thousands of Netgear devices at risk.

Disclosed by cybersecurity firm Trustwave, the vulnerability essentially allows attackers to exploit the router's password recovery system to bypass authentication and hijack admin credentials, giving them full access to the device and its settings. What is particularly alarming is that the bug affects at least 31 different Netgear models, with the total magnitude of the vulnerability potentially leaving over a million users open to attacks.

Even more unsettling is the fact that affected devices could in certain cases be breached remotely. As Trustwave researcher Simon Kenin explains, any router that has the remote management option switched on is ultimately vulnerable to hacks. While the remote management feature is disabled by default in most devices, the firm has found more than 10 thousand affected routers, but the actual number could be "over a million."


  • (Score: 2) by Jiro on Wednesday February 01 2017, @09:22AM

    by Jiro (3176) on Wednesday February 01 2017, @09:22AM (#461599)

    I think turning your router into an entire botnet would be pretty hard.

    • (Score: 2) by Kunasou on Wednesday February 01 2017, @09:57AM

      by Kunasou (4148) on Wednesday February 01 2017, @09:57AM (#461605)

      If your router can do that then it's something bigger than a router. Writing headlines is somehow difficult these days.

      • (Score: 1, Touché) by Anonymous Coward on Wednesday February 01 2017, @12:11PM

        by Anonymous Coward on Wednesday February 01 2017, @12:11PM (#461622)

        Clearly when the router is compromised, it's turned into a virtualisation host running multiple bots in VMs. Cheap and dirty way to inflate the node count of a botnet without requiring additional resources.

    • (Score: 2) by martyb on Wednesday February 01 2017, @12:52PM

      by martyb (76) Subscriber Badge on Wednesday February 01 2017, @12:52PM (#461626) Journal

      Good catch; story title updated. Thanks!

      --
      Wit is intellect, dancing.
  • (Score: 2, Insightful) by anubi on Wednesday February 01 2017, @09:54AM

    by anubi (2828) on Wednesday February 01 2017, @09:54AM (#461603) Journal

    As Trustwave researcher Simon Kenin explains, any router that has the remote management option switched on is ultimately vulnerable to hacks.

    I would venture to say that *anything* remotely managed is vulnerable to attacks.

    Whether done by cyber means, or psychological manipulation of a trusted ( but obedient ) person.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 0) by Anonymous Coward on Wednesday February 01 2017, @11:05AM

      by Anonymous Coward on Wednesday February 01 2017, @11:05AM (#461614)

      Whether done by cyber means

      If you cyber with a router, you like technology too much.

    • (Score: 2) by JoeMerchant on Wednesday February 01 2017, @01:38PM

      by JoeMerchant (3937) on Wednesday February 01 2017, @01:38PM (#461637)

      Obedience is ubiquitous.

      http://www.simplypsychology.org/milgram.html [simplypsychology.org]

      --
      🌻🌻 [google.com]
      • (Score: 0, Flamebait) by Anonymous Coward on Wednesday February 01 2017, @03:06PM

        by Anonymous Coward on Wednesday February 01 2017, @03:06PM (#461660)

        Not everyone in that experiment even obeyed. But that's the least of the problems with that garbage; it's from the social sciences.

        • (Score: 0) by Anonymous Coward on Thursday February 02 2017, @04:02PM

          by Anonymous Coward on Thursday February 02 2017, @04:02PM (#461998)

          When participants could instruct an assistant (confederate) to press the switches, 92.5% shocked to the maximum 450 volts.

          Not 100% but maybe good enough for government work [time.com]?

  • (Score: 3, Interesting) by jdccdevel on Wednesday February 01 2017, @05:51PM

    by jdccdevel (1329) on Wednesday February 01 2017, @05:51PM (#461713) Journal

    We used to recommend Netgear routers for consumer use, as the hardware is quite reliable, they work reasonably well, and models are usually supported for quite a while.
    But these security issues are getting out of hand; there have simply been too many security vulnerabilities in these Netgear routers lately.

    At least they can download and install updates. I just wish you could tell them to do it on a schedule, and didn't have to do it manually!

    We're recommending Asus routers now. Powerful software with reasonably reliable (so far) hardware. And so far, much fewer security issues. (Although they aren't bug free.)

    Mostly, the "Joining a Botnet" thing is hyperbole. Although possible to put a router on a botnet, it would require a lot of specialized work, and I don't know if the return on the time would be worth it.

    Much more likely is a DNS Hijacking attack, and I've seen several waves of those on Netgear and other routers already. Since it's a simple setting change, it's really easy.

    DNS Hijacking a router is a very effective means to attack all the computers on your network, and those are the real goldmine for attackers.

    By replacing the IPs of ad server networks with their own, they can replace ads with their own, which can be a good source of revenue by itself or a vector for further attacks.
    They can effectively steal any domain name they want. With a forged certificate, they can even emulate your bank.

    It isn't something that would show up on a virus scan either.

    Why would they risk drawing attention to a potential goldmine like that by adding the router to a botnet of all things? Using the hijacked DNS to hack the PC, and get it to join the botnet instead, would be much easier.
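
Added example, not part of the comment above or of the original page: a defender-side heuristic for the router DNS hijacking described there, which a virus scan on the PC would not show. It compares answers from the router-supplied resolver with answers from a reference resolver and flags any IP that several unrelated sites resolve to only via the router; the function names, the `min_sites` threshold and all sample names and addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (documentation-range IPs, .example names).
# LOCAL: answers from the resolver the router hands out to clients.
# REFERENCE: answers for the same names from a resolver reached over a
# path the router cannot alter.
LOCAL = {
    "ads.adnet-a.example": {"203.0.113.66"},
    "static.adnet-a.example": {"203.0.113.66"},
    "track.adnet-b.example": {"203.0.113.66"},
    "banner.adnet-c.example": {"203.0.113.66"},
    "www.bank.example": {"192.0.2.10"},
    "cdn.video.example": {"198.51.100.7"},
}
REFERENCE = {
    "ads.adnet-a.example": {"192.0.2.21"},
    "static.adnet-a.example": {"192.0.2.22"},
    "track.adnet-b.example": {"192.0.2.31"},
    "banner.adnet-c.example": {"192.0.2.41"},
    "www.bank.example": {"192.0.2.10"},
    "cdn.video.example": {"198.51.100.9"},  # ordinary CDN variation
}

def site(domain):
    # Simplification: the last two labels stand in for the registrable
    # domain; a production check would use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def suspicious_ips(local, reference, min_sites=3):
    """Return {ip: [domains]} for IPs that only the local resolver returns
    and that at least min_sites unrelated sites all resolve to."""
    by_ip = defaultdict(set)
    for domain, ips in local.items():
        trusted = reference.get(domain, set())
        for ip in ips - trusted:  # answers the reference never gave
            by_ip[ip].add(domain)
    return {ip: sorted(doms) for ip, doms in by_ip.items()
            if len({site(d) for d in doms}) >= min_sites}

if __name__ == "__main__":
    for ip, doms in suspicious_ips(LOCAL, REFERENCE).items():
        print(f"{ip} answers for {len(doms)} names: {', '.join(doms)}")
```

A redirect of one single name falls below the threshold and is not flagged by this heuristic; checking the DNS server fields in the router's own settings page remains the direct test.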

    • (Score: 2) by arslan on Thursday February 02 2017, @12:48AM

      by arslan (3462) on Thursday February 02 2017, @12:48AM (#461848)

      Ummm I dunno... the vulnerability is only with physical access. Remote access only if remote management is turned on, which is off by default.

      If you don't have remote management turned on and rely on physical security, it is not an issue. I would imagine most consumer homes are like that.

      If you're geeky enough to turn on remote management, you should be patching regularly.

      • (Score: 2) by jdccdevel on Thursday February 02 2017, @05:54PM

        by jdccdevel (1329) on Thursday February 02 2017, @05:54PM (#462031) Journal

        Ummm I dunno... the vulnerability is only with physical access. Remote access only if remote management is turned on, which is off by default.

        That depends on how the vulnerability works.

        Most of these routers use the same local IP subnet by default, so it's actually fairly easy to script an attack against them from the Internet, via a web browser.

        If it's just an HTTP request against the router (chances are good it is), it doesn't take anything more complicated than some JavaScript, or a cleverly constructed web page.

        Remote access being off by default helps, but it isn't enough.