Dismiss Notice
Guest, I have a big favor to ask you. We've been working very hard to establish ourselves on social media. If you like/follow our pages it would be a HUGE help to us. SoSH on Facebook and Inside the Pylon Thanks! Nip

The New Cold War warms up a bit...with your router

Discussion in 'BYTE ME: Technology discussion' started by Couperin47, Jun 6, 2018.

  1. Couperin47

    Couperin47 Member SoSH Member

    Messages:
    12,048
    Today we get far more details about the VPNFilter malware and it's way more serious:

    https://arstechnica.com/information...cting-50000-devices-is-worse-than-we-thought/

    My main takeaways, to be instantly corrected by some here who have more knowledge, if I make any main blunders:

    1. This is not the work of script kiddies or even major Russian mafia, this is highly sophisticated state sponsored low level outright warfare and Putin ain't gonna stop til there is serious pushback.

    2. It's a vector against hardware that has always been a security joke, as I mentioned in another post, most consumer routers use chipsets from just 2 sources, none of the brands you know/purchase are made by companies with the technical knowledge to really design this equipment, they tinker at the edges with the hardware and software provided in the prototype designs provided by the chipset designers, This means attacks are usually applicable to most brands/models.

    3. We still have no way of ascertaining if you have been infected at Level 1 and the subsequent infections are now known to be able to cover their tracks almost perfectly.

    4. It will take most of a year til new routers, using new chipsets that make at least a decent attempt to avoid such hacking appear, so running out and buying something new, unless it's considerably more elaborate/expensive than the average consumer device is probably pointless atm.
     
  2. SumnerH

    SumnerH Malt Liquor Picker Dope

    Messages:
    25,274
    5. Run DD-WRT/OpenWRT/Tomato or similar, never use a stock vendor-created firmware if you can help it. The open-source stuff isn't perfect but at least it represent pooled resources shared across many hardware platforms and with the broader OS community, rather than one vendor's overtaxed engineering department that's underincentivized to worry about security.
     
  3. Couperin47

    Couperin47 Member SoSH Member

    Messages:
    12,048
    Tips if you want to try and take advantage of the Open Source option:

    Really low end routers often don't have enough memory to install DD-WRT/OpenWRT or Tomato, in some cases cut down versions have been crafted. Google your exact model (and version, several major brands: Netgear and dLink especially will have 4, 6 or 8 'versions' of the same model number and in these cases the entire design, even the brand of chipset may have changed, NONE are 'compatible' you need the exact MODEL and VERSION) and any of the 3 options above to see if there's a version of Open Source for your exact router. If there is, read up on installing and using it before you install, all 3 are much more elaborate than the already confusing firmware from the maker, it's VERY techie, unfortunately.
     
  4. VBSoxFan

    VBSoxFan Member SoSH Member

    Messages:
    254
    I have a NETGEAR router at home and a google search turned up this security advisory page on their site with a list of vulnerable routers. Mine, unfortunately, was on the list.
     

Share This Page