Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security

Researchers Hack Over a Dozen Home Routers 109

Posted by samzenpus from the protect-ya-neck dept.
An anonymous reader writes "Security researchers at Independent Security Evaluators have published a report demonstrating that a slew of home and small office (SOHO) routers are vulnerable to previously undisclosed vulnerabilities. The report asserts that at least thirteen popular routers can be compromised by a remote attacker, and a number of them do not require knowledge of credentials or active management sessions. Some of the routers are not listed as they work with vendors to fix them, but there are 17 vulnerabilities disclosed, with another 21 pending release. An article on CNET includes an interview with some of the researchers."
This discussion has been archived. No new comments can be posted.

Researchers Hack Over a Dozen Home Routers More

Researchers Hack Over a Dozen Home Routers

Comments Filter:

  • ISP Provided? (Score:1, Interesting)

    by GeneralTurgidson ( 2464452 ) on Wednesday April 17, 2013 @10:23PM (#43479175)
    If your ISP provides you an insecure router and your credit card numbers are subsequently stolen, whose fault is it? Especially when these routers are only configurable via your ISP?

  • Re:Use a FreeBSD box as your firewall (Score:2, Interesting)

    by vjlen ( 187941 ) on Wednesday April 17, 2013 @10:30PM (#43479235) Homepage

    This. We build these for clients and run pfSense on them. Low power, no heat, supports a backup WAN connection with it's three ethernet interfaces. And you can add two more with USB Ethernet adapters.

  • This time I'm intrigued... (Score:4, Interesting)

    by juventasone ( 517959 ) on Wednesday April 17, 2013 @10:45PM (#43479345)

    Comprosing cheap routers is a topic that has been covered on Slashdot many times before. In every previous article, they've required that remote administration be enabled on the router, which is generally never a default setting. This report states, "tested with out-of-the-box configuration settings". Really? Yikes.

  • Confirmed case here (Score:5, Interesting)

    by xyourfacekillerx ( 939258 ) on Thursday April 18, 2013 @02:06AM (#43480057)

    My parents' ISP issued router came down with a case of malware. The ISP kept putting them into walled-garden claiming botnet activity, and after months and months of this, I intervened. upon my investigation (which also took months) and thanks to their reluctant but cooperative security team, we determined it was not the only connected device that had the malware, but the router itself. And only because I "hacked" into it at some point and observed the malware in action, and reported my results back to the ISP. I thought my method (though it required some circumvention) was an intentional feature of the router. I didn't realize it was a vulnerability. Not at the time. I mean how do they remotely configure your router while on call or live chat with them? How can they expect me to think I can't do the same thing myself?

  • Re:Easy to mitigate. (Score:3, Interesting)

    by animaal ( 183055 ) on Thursday April 18, 2013 @03:55AM (#43480383)

    They're pretty much all CSRF vulnerabilities. Don't save your password to your router or don't use a common router IP address like 192.168.1.1

    I'm scratching my head here - why would an address like 192.168.1.1 be a problem? It's only an internal IP address. An attack from the outside would come through the external IP address. Once they've breached the router, surely it'd be simple to find internal addresses anyway?

    (Really hoping I don't have to re-address my stuff!)

Slashdot Top Deals

On the eighth day, God created FORTRAN.

Close