SoylentNews is people
SoylentNews
from the flash-alternate-router-firmware-for-protection dept.
janrinok writes "A recent survey carried out by Tripwire, reported by the BBC, claims that "80% of the 25 best-selling routers available on Amazon are vulnerable to compromise". Security researcher Craig Young from Tripwire said exploits had been publicly discussed and published for more than one-third of these devices.
In a separate report, the Internet Storm Center (ISC) warned about a continuing attempt to exploit a vulnerability in 23 separate models of Linksys routers. A worm, called 'The Moon' is compromising Linksys routers and then scans for other potentially vulnerable systems. So far, wrote ISC researcher Johannes Ullrich in his blogpost, it is not clear why the routers are being compromised and what might be done with them. There are hints in the exploit code that the routers will at some point be gathered together into a network of compromised machines. Currently, he added, all the worm was doing was spreading to other Linksys routers.
The reason for the current European concern is a recent large scale attack on home routers in order to gather usernames and passwords for online bank accounts, reported by the Polish Computer Emergency Response Team (CERT) and elsewhere."
(Score: 2) by janrinok on Monday February 24 2014, @02:56PM
Its true that many do not protect their routers even by the simply changing the default passwords. At least here (France) each router provided by an ISP has a password that is based upon the router's serial number. If you have the device in your hand it is possible to work out (eventually) what the default password will be, although it is not a straightforward read across. There is not a standard userid/password combination that works on all routers of that type.
I suspect that another reason, hinted at in my first paragraph, is that ISPs (e.g Orange.fr) provide the router and they can access it at any time to update the firmware inside it. No matter how careful they may be, the password for that attack vector could eventually become known, even if only to a few individuals leaving the device vulnerable. Fitting your own privately purchased router causes problems, as the ISP will simply ignore your router if it does not return the correct firmware password (I have tried, and even got a phone call from Orange asking if I was experiencing difficulties). Of course, it is easy to change the admin/user names and passwords, but I have not found a way to identify the ISP's password for my router. I suppose I could put another computer between the telephone cable and the router and sniff it out that way. But, to be fair, I have not seen reports of Orange's routers being vulnerable to any specific attacks.
Alternatively, perhaps someone will read this and point me in the right direction...?