Stories
Slash Boxes
Comments

SoylentNews is people

posted by Dopefish on Monday February 24 2014, @03:00AM   Printer-friendly
from the flash-alternate-router-firmware-for-protection dept.

janrinok writes "A recent survey carried out by Tripwire, reported by the BBC, claims that "80% of the 25 best-selling routers available on Amazon are vulnerable to compromise". Security researcher Craig Young from Tripwire said exploits had been publicly discussed and published for more than one-third of these devices.

In a separate report, the Internet Storm Center (ISC) warned about a continuing attempt to exploit a vulnerability in 23 separate models of Linksys routers. A worm, called 'The Moon' is compromising Linksys routers and then scans for other potentially vulnerable systems. So far, wrote ISC researcher Johannes Ullrich in his blogpost, it is not clear why the routers are being compromised and what might be done with them. There are hints in the exploit code that the routers will at some point be gathered together into a network of compromised machines. Currently, he added, all the worm was doing was spreading to other Linksys routers.

The reason for the current European concern is a recent large scale attack on home routers in order to gather usernames and passwords for online bank accounts, reported by the Polish Computer Emergency Response Team (CERT) and elsewhere."

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by len_harms on Monday February 24 2014, @02:57PM

    by len_harms (1904) on Monday February 24 2014, @02:57PM (#5836) Journal

    Yeah my ASUS router I bought a year or so ago is about the same.

    They have a 'check for updates' on the router webpage. But guess what there *was* a new update out on the ASUS page. For 2 weeks I left it thinking 'oh they will fix it and I will use the easy way'. Nope. Had to manually download and update.

    At that point I went to rmerlin's patches.

    Never thought I would be able to get 25-30MB (not bit) sustained rate thru wireless though. Seriously happy with the router. Good thing I didnt plug in a usb drive... ftp external on by default and no password (seriously?).

    ASUS seems to be moving towards a 1 package recompiled to rule them all. Which I think is a good way to go long term for these guys. This sort of thing will not end well if they slap together new models and then walk away. My old linksys router I bought to get 802.11N had 1 update, ever.

    These guys are slapping linux busybox distros into these things. Linux is pretty good for that but it does get vulins just like many other OS's out there. It does need patches for the packages included.

    This is not just routers either. My TV has a busybox distro in it and has not seen an update in 2 years. The motorola router that connects to TW is a busybox distro and its firmware is ~1-2 years old. The only thing saving us is that they are all ARM/MIPS architectures and each one is a bit different and it is a pain to root each one individually.