VPNFilter Can Also Infect ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE Devices (bleepingcomputer.com) 188
Catalin Cimpanu, writing for BleepingComputer: The VPNFilter malware that infected over 500,000 routers and NAS devices across 54 countries during the past few months is much worse than previously thought. According to new research technical details published today by the Cisco Talos security team, the malware -- which was initially thought to be able to infect devices from Linksys, MikroTik, Netgear, TP-Link, and QNAP -- can also infect routers made by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. The list of devices vulnerable to VPNFilter has seen a sharp jump from Cisco's original report, going from 16 device models to 71 -- and possibly more.
Good thing I use.... (Score:1)
Re: (Score:2)
There is a whole slew of Routerboard products listed:
RB411 (new)
RB450 (new)
RB750 (new)
RB911 (new)
RB921 (new)
RB941 (new)
RB951 (new)
RB952 (new)
RB960 (new)
RB962 (new)
RB1100 (new)
RB1200 (new)
RB2011 (new)
RB3011 (new)
RB Groove (new)
RB Omnitik (new)
That said, are you running pfSense ON the RB hardware? If so, do you have any docs on that? I'm interested.
Re: (Score:1)
Re: (Score:2, Funny)
I have both a Synology router and NAS and find it curious this entire brand is omitted from getting infected. Thoughts on why this Chinese-made brand isn't affected?
why hack something with backdoors ;~)
Re:Curious lack of Synology... (Score:4, Informative)
I read because QNAP and the other mentioned models used BusyBox for their userland, and likely a vulnerable version. Synology uses discrete Linux binaries for its userland, so it wasn't vulnerable because of this.
I would say that Busybox is a good product, but there have been some CVEs last year which required updates.
Synology is a Taiwanese company, so I fear it less than a company on the mainland.
Re: (Score:1)
Sure it is.... if you're an expert on programming and network security, you've personally audited all of the code and compiled all of the executables yourself with a compiler that you've somehow managed to ensure has not been compromised.
Otherwise, it's a roll of the dice.
Alt Firmware? (Score:1)
Does anyone know if this enters through the stock firmware, or is it a lower level attack? What if we're running DD-WRT or Tomato on one of these routers?
Re:Alt Firmware? (Score:5, Informative)
From a different article [thehackernews.com]
Since the research is still ongoing, Talos researchers "do not have definitive proof on how the threat actor is exploiting the affected devices," but they strongly believe that VPNFilter does not exploit any zero-day vulnerability to infect its victims.
Instead, the malware targets devices still exposed to well-known, public vulnerabilities or have default credentials, making compromise relatively straightforward.
Re: (Score:1, Interesting)
It's a vuln in the http server. Mikrotik patched it a year ago.
Wishlist ... (Score:3)
It would be nice to have modem adsl with openwrt ...
the old "reference design" trick (Score:2)
hardware is pretty much all the same, and apparently the core software is also a reference design, with the brand tricks all of the include.something variety.
Re: (Score:2)
Re: (Score:1)
Good Thing I have an Apple Router (Score:2, Informative)
I don't see it on the list, and I'm pretty sure that they write their own Firmware. Never heard of an exploit of an Apple Router. Ever.
Apple, PLEASE come back to the Router Business!!!!
And, while you're at it, please add AirPlay 2 support to the AirPort Express 2 Router/DAC!!!
Re: (Score:2)
I assume you are joking, but there is some truth in there. If you knew how to use it the Airport made a great home router
Re: (Score:2)
Re: (Score:3)
Bingo. Everyone dismissed it while it simply worked incredibly well. They say it had a "simple" interface not knowing how configurable it was under the hood. I had custom port forwards, IP assignment, DMZ, everything you'd think you'd want on a home router. Then they EOL'd it.
Re: (Score:1)
Re: (Score:1)
Yup, throwing on custom firmware and configs expecting things to not crash occasionally...
Seems like what I expect out of my router - something that routes reliably. Apparently you consider reliability as a lesser requirement.
or jumping into a router where you can't possibly ever do any of the functions you list?
What functions did I list?
Yeah, I know which one isn't going to crash (mostly because the user). Any $100+ router I've ever used never needed reboots, and those that are $100 only crash when heavily loaded (which I expect).
Well, considering I've owned at least 3 that also purported to run DD-WRT reliably, which they did when the hardware didn't lock up.... At least I'm assuming the hardware because it was a consistent problem across multiple firmware releases across all three. And several of those routers were in the $150 range. And I don't expect my router to crash
Re: (Score:2)
Yup, throwing on custom firmware and configs expecting things to not crash occasionally...
or jumping into a router where you can't possibly ever do any of the functions you list?
Yeah, I know which one isn't going to crash (mostly because the user). Any $100+ router I've ever used never needed reboots, and those that are $100 only crash when heavily loaded (which I expect). I've also never recieved a notification to reboot my router, so there's that.
Enjoy being locked to the simple interface.
As usual, the Anonymous COWARD spouts off about how his mythical, $5 device (which, as usual, is NEVER named. Why not, eh? Don't we ALL deserve to know about this GREAT DEAL?) beats the pants off of the "Overpriced" Apple gear.
Funny, that's how these Anonymous COWARD posts almost ALWAYS go.
So transparent.
Re: (Score:3)
I assume you are joking, but there is some truth in there. If you knew how to use it the Airport made a great home router
No. I was being dead serious.
My Airport Extreme 5th Gen Router NEVER needs a Reboot, has most of the bells and whistles expected in a modern router (separate 2.4 and 5 G Networks, Guest Network, Flexible Port Forwarding, etc.) Plus, I can even securely config. the thing over WiFi from my iPad if I so choose.
Plus it is hands-down the easiest Router I have ever had to set up in Bridge Mode. And it even supports some type of Mesh networking that I have never understood, since I don't have two of them.
Yeah, now
Latest firmware =/= best firmware (Score:2)
My Asus router has to run an older firmware version because the LTE USB modem I use for internet doesn't work with the latest firmwares. And yes I run one of the third-party firmwares which incidentally just announced they were no longer going to update this router anyway. No matter what, this Asus is a dead end even though it works just great.
My backup router is a Netgear which also happens to be on the hit list, yay, but it doesn't work with the LTE modem so it can't be a frontline device anyway.
The LTE
Asus -- Using AdvancedTomato FW?? (Score:2)
I have an Asus RT-N66U running Advanced Tomato.. Would it be affected with this issue???
Re: (Score:1)
Everyone can safely ignore this coward's ass. He won't give his address because he knows he'll be killed the moment he does. Someone give me his address, I'll be sure to end his sanity and make him take his own life.
He is a little bitch coward. Cowards and their software are to NEVER BE TRUSTED, like Facebook, Google, and many other cowardly big corps. It doesn't matter your size, if you are a weaselly, lying, shilling, spamming, threatening, COWARDLY FUCKING WASTE OF HUMAN SKIN, you are to not be trusted,
Re: Says "bugs bunny" the imaginary person, lol! (Score:1)