Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Bug Security Hardware

Zero-Day Bugs In Numerous Modems/Routers Could Compromise Millions of Users (softpedia.com) 81

An anonymous reader writes: Researchers have discovered a large number of zero-day flaws in 8 routers/modems from 4 manufacturers (ZTE, Huawei, Gemtek, Quanta) that would allow attackers to build a huge botnet by leveraging just a few exploits. Vulnerabilities include remote code execution, firmware rewrites, XSS, and CSRF. All these allow attackers to intercept both HTTP and HTTPS Web traffic, infect computers beyond the modem, intercept SMS messages, and detect the modem's geographical location. After six months, manufacturers have failed to fix the issues.
This discussion has been archived. No new comments can be posted.

Zero-Day Bugs In Numerous Modems/Routers Could Compromise Millions of Users

Comments Filter:
  • Openwrt (Score:5, Interesting)

    by Jonathan P. Bennett ( 2872425 ) on Wednesday December 02, 2015 @03:08PM (#51043321)

    This is why the ability to install secure and Open Source firmware like OpenWrt is so important.
    https://openwrt.org/ [openwrt.org]

    • Re: (Score:2, Funny)

      by sexconker ( 1179573 )

      The Chinese will just move the backdoors deeper into the hardware.
      We're long passed the point of no return on this one.

      • Past.
        (I had "We passed the point of no return on this one a long time ago." and just moved shit around. Oopsie doopsie poopsie.)

      • by davecb ( 6526 )
        There was an ACM article about hardware backdoors: turns out they show up as rarely-acessable code when you do a (normal) check to get rid of redundant or under-used circuts.
    • by vux984 ( 928602 )

      I'm still on barrier breaker; my router isn't supported by chaos calmer (yet)?

      If there's a flaw in the older version... I'm pretty much in the same boat as any one with default firmware would be.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        Buy a new router. Routers which are supported by the latest OpenWRT release can be bought for less than $20. You don't need a fancy gigabit router on the edge of your home network. I would tell you what to get and where and how much it actually costs, but Google won't let me search US shops, because apparently a search engine should under no circumstances let me search anything outside my area. Fuck this, the internet is dead. Why have a router when the internet is like this. What we need are VPN gateways t

        • by vux984 ( 928602 )

          You don't need a fancy gigabit router on the edge of your home network.

          My internet is currently 120/6; so 100mbps isn't sufficient. I also want my openwrt box to have plenty of ram, cpu, and space, so that I can play with openwrt without worrying too much about running into the limits of the hardware. I have a Dlink dir-835 right now.

          I'm open to replacing it with something that will likely be supported by new versions of openwrt sooner than later.

          I -like- having wifi AP all built into one box, but separating them into two separate boxes would make openwrt easier than I

      • I'm still on barrier breaker; my router isn't supported by chaos calmer (yet)?

        If there's a flaw in the older version... I'm pretty much in the same boat as any one with default firmware would be.

        What hardware do you have that isn't supported?

        • by vux984 ( 928602 )

          What hardware do you have that isn't supported?

          Dlink DIR-835
          https://wiki.openwrt.org/toh/d... [openwrt.org]

          As I wrote elsewhere in the thread:

          My internet is currently 120/6; so 100mbps isn't sufficient. I also want my openwrt box to have plenty of ram, cpu, and space, so that I can play with openwrt without worrying too much about running into the limits of the hardware. I have a Dlink dir-835 right now.

          I'm open to replacing it with something that will likely be supported by new versions of openwrt sooner than later.

          I -like- having wifi AP all built into one box, but if separating them into two separate boxes would make openwrt easier than I'm game to consider it.

    • Re:Openwrt (Score:4, Insightful)

      by The_Dougster ( 308194 ) on Wednesday December 02, 2015 @03:17PM (#51043425) Homepage

      OpenWRT is really good. I won't buy a router now unless its on the OpenWRT supported hardware list.

    • Re:Openwrt (Score:5, Informative)

      by gstoddart ( 321705 ) on Wednesday December 02, 2015 @03:33PM (#51043555) Homepage

      So, here's the problem with that:

      All of these modems are distributed by various telcos to their customers.

      As well as:

      It also appears that some of the modem's firmware was also modified by the telecommunications companies that distributed the modems to their customers.

      So, the real problem is these modems belong to the telco, you probably can't change the firmware, and the bugs in some cases seem to have been introduced by the telcos.

      No amount of open source ANYTHING is going to fix telcos who are providing customers with modified versions of the routers which they've done a poor job of changing.

      EVEN if the original companies release fixes, the telcos are likely too lazy/cheap/indifferent to fix the damned things, and users can't exactly swap out the modems.

      Shit like this is why companies need to bear some legal responsibility, and why telcos should be barred from modifying equipment for their own purposes -- their desire to brand it or add their own special functionality as often as not leaves users with abandoned devices which can't be fixed.

      Any sufficiently advanced incompetence is indistinguishable from malice. And this is some pretty advanced incompetence.

      • Personally, I DON'T run the Telco provided router and I suggest you not use it either. In fact, my ISP sent me a new router just last week and I don't plan to even unwrap it. Go buy your own, load your choice of open source firmware on it and leave the ISP's router in the box.

        If you are REQUIRED to run the ISP's router, put your own router *behind* it and hide your whole network from your ISP either by using NAT or have a very strict firewall rule set (or both). (I.E create a DMZ and put your network b

    • by WD ( 96061 )

      OpenWRT runs on 3G/4G modems?

    • For hackers, maybe.

      For the vast majority of the population (myself included) a router is a fire-and-forget thing. It's set up, it works, that's it. I never log in to my router to see if there's a firmware update (even while I faintly remember there is such an option, most people won't realise this at all). I don't get notified that there is a new update, so will have to remember and manually check for it. That just doesn't happen, and I like to play with those devices. Most people are less interested and re

  • by Kichigai Mentat ( 588759 ) on Wednesday December 02, 2015 @03:33PM (#51043549) Journal
    Cue renewed calls for auditable firmware.
    Cue those calls continuing to fall on deaf ears.

    I mean, let's face it, barring something cataclysmic this just ain't going to happen.

    Arguably there are trade secrets contained within the firmware, which could be exploited by competitors. Motorola wouldn't want Xoom to find out that a commonly used algorithm for dealing with DOCSIS comms is in fact less efficient than another one they dug up, nullifying their competitive edge. And likewise D-Link wouldn't want you to find out that there's a critical problem with their router that can't be fixed in firmware. So they're going to fight this.

    Auditable firmware would also expose management controls used by telecoms and ISPs. This would expose their capabilities, and how they work. People wouldn't just know how far reaching these controls are, but also how limited they are. It could raise the specter or nefarious people reverse engineering access to those controls, and doing things they aren't supposed to do. So they're going to fight it too.

    Then there are legislative bodies. Auditable firmware could not only expose any backdoors that are currently in use, but expose any they try to implement in the future. So they're going to do what politicians do best and try to sweep the whole thing under the rug.

    This leaves us, thankfully, with at least one ally: The FCC, who have said they will not be blocking the use of third party firmware on wireless devices [arstechnica.com], so at least we can still retreat to open sourced firmware wherever possible, instead of relying on others to open up code for us.

    • by PRMan ( 959735 )
      The FCC needs to be given authority to fine tech companies for security problems. $1 per model shipped for the first offense and doubled for each additional offense within a given time period.
      • What grade of problem is high enough to warrant a fee? It responds to pings and can be DDoS'd? It's SMB client has a vulnerability that lets anyone on the LAN access an attached drive? What about people who don't update their firmware? What about older devices that are no longer supported?

        The problem is that almost everything is going to have some sort of a security problem at some point, so where is the line drawn?

    • likewise D-Link wouldn't want you to find out that there's a critical problem with their router that can't be fixed in firmware. So they're going to fight this.

      Is D-Link going to fight against customers who open the box and try to use the thing? Because that's how I found out that my D-Link routers had critical problems that couldn't be fixed in firmware (not that D-Link would bother doing so if they could).

      • D-Link already got your money. Unless they're charging for firmware updates, and unless you're going to sue them, they've already won.
        • It's a Pyhrric victory, because I'm not buying their fucking shit anymore, and neither is anyone in my sphere of influence (work, friends, family, neighbors, etc.).
          They don't exactly have a stranglehold on the market, yet they behave like there are no alternatives. The only more egregious example of "Nah, fuck you, customer." I've seen was with OCZ. We all know how that turned out.

  • Fuck technology
  • More and more I tend to think the number one protector of consumer and small business gateways is the wall wart, which predictably fails every 2-5 years, giving the appearance of a new device being needed, thus another temporary improvement in security. I suspect that one day, a clever malware maker will figure out how to grab voltage and current in the device and inform the users a new power supply is required.

    Personally, I run pfSense on an Atom board with numerous NICs.

  • I was going to point out that they are all Chinese companies (and imply something insidious) but 2 of them are Taiwanese and there's no way that they would help the Chinese government.
  • "After six months, manufacturers have failed to fix the issues."

    That kind of crap will eventually cause Congress to enact legislation to make manufacturers liable for unpatched vulnerabilities.

    • by ruir ( 2709173 )
      Are not they passing legislation making politicians liable for corruption? It is so fine and dandy legislating other people work and putting them working for free for the media cartels, but god forbids them from cleaning their own backyard.
  • by ruir ( 2709173 ) on Wednesday December 02, 2015 @07:27PM (#51045101)
    Disclaimer: I worked in the past for a cable operator... What the article does fail to mention is that once there is: 1st) Once there is an update, the ISP provider upgrades all of the modems REMOTELY. 2nd and for more important. Normally the (cable modem) routers are in a protected network with PRIVATE IP addresses. So if you are using a model that does not doubles up as router, you are good. If you do that, the modem usually is crappy and slow anyway, disable the routing function, buy your own router, and put it only doing bridging.
  • TFA tells about intercepting HTTPS. How does a modem-router flaw allow that, since HTTPS is an end to end protection?
    • TFA tells about intercepting HTTPS. How does a modem-router flaw allow that, since HTTPS is an end to end protection?

      It allows you to capture the encrypted packets. :) Of course, some of that encryption is trivially easy to crack, but not all. Shhh... Your are spoiling the article.

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (8) I'm on the committee and I *still* don't know what the hell #pragma is for.

Working...