Consumer router insecurity

Laptops, Notebooks, Smartphones and Networking

Moderator: Moderators

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 5204
Joined: Sat Aug 02, 2003 1:24 am

Re: Consumer router insecurity

Post by thegrommit » Fri Apr 05, 2019 5:37 pm

https://arstechnica.com/information-tec ... r-routers/
attackers have been using Google cloud service to scan the Internet for routers that are vulnerable to remote exploits. When they find susceptible routers, the attackers then use the Google platform to send malicious code that configures the routers to use malicious DNS servers.
...
Ixia analyzed the rogue DNS server and found it targets the following domains: GMail.com, PayPal.com, Netflix.com, Uber.com, caix.gov.br, itau.com.br, bb.com.br, bancobrasil.com.br, sandander.com.br, pagseguro.uol.com.br, sandandernet.com.br, cetelem.com.br, and possibly other sites. People trying to reach one of these domains from an infected router will be connected to a server that serves phishing pages over plain HTTP.
Has this made much of a splash in Brazil Tabby?
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 5204
Joined: Sat Aug 02, 2003 1:24 am

Re: Consumer router insecurity

Post by thegrommit » Sat May 18, 2019 1:07 pm

https://arstechnica.com/information-tec ... connected/
Linksys wireless routers are regularly leaking full historic records of every device that has ever connected to them, including devices' unique identifiers, names, and the operating systems they use. The data can be used by snoops or hackers in either targeted or opportunistic attacks.
Article lists the affected models.
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 5204
Joined: Sat Aug 02, 2003 1:24 am

Re: Consumer router insecurity

Post by thegrommit » Wed May 22, 2019 6:23 pm

https://techcrunch.com/2019/05/22/tp-li ... te-hijack/
TP-Link said the vulnerability was quickly patched in both routers. But when we checked, the firmware for WR740N wasn’t available on the website.

When asked, a TP-Link spokesperson said the update was “currently available when requested from tech support,” but wouldn’t explain why. Only after TechCrunch reached out, TP-Link updated the firmware page to include the latest security update.
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 5204
Joined: Sat Aug 02, 2003 1:24 am

Re: Consumer router insecurity

Post by thegrommit » Wed Aug 14, 2019 9:50 pm

https://securityledger.com/2019/08/huge ... -15-years/
CITL researchers studied publicly available firmware images and evaluated them for the presence of standard security features such as the use of non-executable stacks, Address Space Layout Randomization (ASLR) and stack guards, which prevent buffer overflow attacks.
...
The results were not encouraging. Time and again, firmware from commonly used manufacturers failed to implement basic security features even when researchers studied the most recent versions of the firmware.
Water cooled clay

shadow
nLightened
nLightened
Posts: 124
Joined: Wed Sep 11, 2019 11:00 am

Re: Consumer router insecurity

Post by shadow » Thu Sep 12, 2019 2:31 am

Worth noting Google Wifi still seems to be doing pretty fantastic. Three years on and still getting regular updates with the Chrome OS platform. I should still be using mine...ended up getting a new gaming router I probably didn't need though. Sigh.

(Note: It doesn't always perform all that well though, so hopefully their next routers will be better in that regards.)
Ryzen 2600X - 5700 XT - 16GB RAM - 512GB Black, 480GB AMD, 2TB Firecuda
Xbox One X with 1TB Extreme
And various mobile kit such as your face.

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 5204
Joined: Sat Aug 02, 2003 1:24 am

Re: Consumer router insecurity

Post by thegrommit » Tue Oct 08, 2019 4:38 pm

https://threatpost.com/d-link-home-rout ... ed/148941/
The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet’s FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers).
Water cooled clay

User avatar
powerarmour
Mod Squad
Mod Squad
Posts: 11290
Joined: Sun Oct 13, 2002 2:10 am

Re: Consumer router insecurity

Post by powerarmour » Mon Oct 14, 2019 10:43 am

thegrommit wrote:
Tue Oct 08, 2019 4:38 pm
https://threatpost.com/d-link-home-rout ... ed/148941/
The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet’s FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers).
Luckily the two newer models are supported by DD-WRT and OpenWRT:

https://wiki.dd-wrt.com/wiki/index.php/D-Link_DIR-868L
https://openwrt.org/toh/d-link/dhp-1565

The older models probably need retiring anyway due to their specs alone. :P
Libera te tutemet ex inferis

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 5204
Joined: Sat Aug 02, 2003 1:24 am

Re: Consumer router insecurity

Post by thegrommit » Mon Oct 14, 2019 1:13 pm

powerarmour wrote:
Mon Oct 14, 2019 10:43 am
thegrommit wrote:
Tue Oct 08, 2019 4:38 pm
https://threatpost.com/d-link-home-rout ... ed/148941/
The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet’s FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers).
Luckily the two newer models are supported by DD-WRT and OpenWRT:

https://wiki.dd-wrt.com/wiki/index.php/D-Link_DIR-868L
https://openwrt.org/toh/d-link/dhp-1565

The older models probably need retiring anyway due to their specs alone. :P
Yeah, I retired my old DIR-655 many years ago. However, I suspect a lot of people haven't :?
Water cooled clay

User avatar
powerarmour
Mod Squad
Mod Squad
Posts: 11290
Joined: Sun Oct 13, 2002 2:10 am

Re: Consumer router insecurity

Post by powerarmour » Mon Oct 14, 2019 3:41 pm

thegrommit wrote:
Mon Oct 14, 2019 1:13 pm
Yeah, I retired my old DIR-655 many years ago. However, I suspect a lot of people haven't :?
Yeah my logic with routers in general is if either DD-WRT or OpenWRT consider them EOL also, it's time for the local recycling centre. :)

The DIR-655 is ~13 years old... that's base technologically ancient.
(Though it did have five revs: https://wikidevi.com/wiki/D-Link_DIR-655_rev_A1/A2)
Libera te tutemet ex inferis

shadow
nLightened
nLightened
Posts: 124
Joined: Wed Sep 11, 2019 11:00 am

Re: Consumer router insecurity

Post by shadow » Tue Oct 15, 2019 1:37 am

Honestly I just go by whoever gives me the best experience without going on to third party firmware. I probably have three currently supported routers right now.

My Google Wifi was best supported...but not the best choice for gaming.

My Zyxel NBG6617 is well supported overall, but sometimes goes entirely too long between updates. And doesn't like my modems login page much. (The setup needs improvement on my ISPs end, so there is that.)

My Razer Sila was probably a bad idea, but functionally it's great.
Ryzen 2600X - 5700 XT - 16GB RAM - 512GB Black, 480GB AMD, 2TB Firecuda
Xbox One X with 1TB Extreme
And various mobile kit such as your face.

Post Reply