Vulnerability in Routers Can Allow Remote Attackers to Take Control

Discussion in 'Latest US & World News' started by Monster Zero, Apr 19, 2019.

  1. Monster Zero

    Monster Zero Well-Known Member

    Joined:
    Feb 15, 2011
    Messages:
    2,414
    Likes Received:
    227
    Trophy Points:
    63
    -brought to you by IBM
    Routers: A Modern-Day Essential in Dire Need of Better Security
    April 8, 2019 | By Grzegorz Wypych Co-authored by Limor Kessem
    "The American Consumer Institute (ACI) looked into router security and found that no less than 83 percent of routers harbor high-risk vulnerabilities, many of which are open-source flaws. This staggering ratio accounts for both home and office routers and includes major name brands sold around the world.

    Routers are not just a relay switch; they have their own operating systems, their own software and, inevitably, their own vulnerabilities. Router vulnerabilities are rather common and can be attributed to various factors. It starts with internet service providers (ISPs) issuing the same router to millions of customers and inadvertently allowing vulnerability aggregation when zero-days arise, but it has more to do with the software that runs routers.

    Most manufacturers outsource firmware that gets developed with costs in mind. As such, it is rarely elaborate and, judging by the amount of router vulnerabilities out there, also rarely tested or secure. Making matters worse is the patch and update process: When was the last time you got a message prompting you to update your router’s firmware? Likely almost never. This means that even when patches are dealt with and become available to the public, most users will never know of them or know to take action."

    We won’t delve into open networking ports and unsecured protocols that run home routers — think Universal Plug and Play (UPnP), Home Network Administration Protocol (HNAP) and the Wi-Fi Protected Setup (WPS) password — but those interested in further reading should look them up.

    How much do these vulnerabilities matter? A lot. At the very least, router vulnerabilities can lead to consumer data being compromised and used by attackers. The same issue can allow criminal/nation-state third parties to spy on users, send them to phishing and malware-hosting websites, or alter data the user sends out when browsing the internet. Routers can also be infected by malware and enslaved by a malicious internet of things (IoT) botnet such as VPNFilter, which can eavesdrop on traffic passing through the router, or the Mirai botnet, which disrupted internet connections as well as telephony and television services in Germany for days before it was possible to stop the mayhem."

    Buffer Overflow Vulnerability in TP-Link Routers Can Allow Remote Attackers to Take Control
    _________________________________________________________________________________________________________________________________________________________________

    Scary. And this affect nearly all home user routers. All brands, Linksys, Cisco, Qualcomm, as they all use Linus and have the same backdoor vulnerability access port security holes.
    The trouble is manufacture of consumer Wi-Fi Routers was outsourced to the same vendors across the United States so no one, except perhaps business class manufactured networks
    are protected.

    I looked into this issue, the patches offered only to make the vulnerability appear to be concealed, but not really closed. ISP typically give a pat answer to questions about this, which is if a person doesn't have your network password you're OK. But really everyone is vulnerable.
     
    jay runner and Merwen like this.
  2. 61falcon

    61falcon Well-Known Member

    Joined:
    Apr 27, 2018
    Messages:
    9,606
    Likes Received:
    4,810
    Trophy Points:
    113
    Gender:
    Male
    Online security is an oxymoron.
     
    jay runner likes this.
  3. Monster Zero

    Monster Zero Well-Known Member

    Joined:
    Feb 15, 2011
    Messages:
    2,414
    Likes Received:
    227
    Trophy Points:
    63

    Scary that all the U.S. manufacturers, and U.S. made routers, have the same security flaws.

    Why'd they make them all this way?

    Was it intentionally put in so the Federal Government could spy in on us, and keep tabs on us, like Facebook,
    do you think?










    :pc:
    ___
     
    jay runner, Merwen and FreshAir like this.
  4. Thedimon

    Thedimon Well-Known Member

    Joined:
    Mar 17, 2018
    Messages:
    5,145
    Likes Received:
    2,460
    Trophy Points:
    113
    Gender:
    Male
    Any system will always have flaws in it.
    There is probably a 95% chance that you can have the most vulnerable router and you never suffer consequences from it. Just face it, average family doesn’t have much on their networks that would be of interest to real professional hackers. Also, absolute majority of the ISP users get new IP addresses every time they restart their modems, making it pretty difficult to trace a particular user long term.
    Most of the secure websites that involve money (banks, credit cards) encrypt your passwords within the browser, which means your crappy router will never be able to catch it and pass it down to someone else.

    So, get over yourselves, no government or hackers are exploiting your $50 routers - there is simply nothing of interest to them in doing so.
     
  5. kazenatsu

    kazenatsu Banned Donor

    Joined:
    May 15, 2017
    Messages:
    13,315
    Likes Received:
    3,864
    Trophy Points:
    113
    Unless you're in the UK where the government has criminalized Facebook posts and is going after people.

    We had one member in this very forum, Peter Dow, who stated he had been arrested for writing something threatening about the queen in an angry rant on Twitter. They took all his papers (he was some sort of engineer or scientist) and he never got them back.
     
    Last edited: Apr 19, 2019
    scarlet witch likes this.
  6. Thedimon

    Thedimon Well-Known Member

    Joined:
    Mar 17, 2018
    Messages:
    5,145
    Likes Received:
    2,460
    Trophy Points:
    113
    Gender:
    Male
    You don’t need to hack into someone’s home router to figure out who makes some Facebook posts.
     
  7. Observing

    Observing Well-Known Member

    Joined:
    Nov 12, 2016
    Messages:
    3,062
    Likes Received:
    812
    Trophy Points:
    113
    people expect privacy over a public medium? Stay off the internet.
     
  8. FreshAir

    FreshAir Well-Known Member Past Donor

    Joined:
    Mar 2, 2012
    Messages:
    88,814
    Likes Received:
    26,233
    Trophy Points:
    113
    many do not update the hardware on their routers... some still even use the older wep for wireless security
     
  9. Steady Pie

    Steady Pie Well-Known Member Past Donor

    Joined:
    Oct 15, 2012
    Messages:
    20,857
    Likes Received:
    4,853
    Trophy Points:
    113
    Routers are not public, they are an internal networking device. You need not connect them tl tje internet for them to serve their function, or for them to be hacked.
     
  10. Observing

    Observing Well-Known Member

    Joined:
    Nov 12, 2016
    Messages:
    3,062
    Likes Received:
    812
    Trophy Points:
    113
    Thank you. It is still part of the communication network with the outside world. My problem is that I don't have much personal information on my computer. I am not on facebook or anything of that sort and I don't even do my taxes on my computer that I go on the net with. I do have an amazon account though. I only have one credit card and don't even have a debit card. I try to limit my exposure as much as I can.
     
  11. jay runner

    jay runner Well-Known Member

    Joined:
    Oct 5, 2017
    Messages:
    12,406
    Likes Received:
    6,834
    Trophy Points:
    113
    Gender:
    Male
    It has backfired. There is no way in hell to stop foreign governments from interfering in other government elections. Unless you play for blood.
     

Share This Page