Are routers hackable?


25 replies to this topic

#1 printerandink

  • Members
  • 190 posts

Posted 09 March 2012 - 12:33 AM

I'm guessing that if so passwords are the only protection for them, right?



#2 cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 09 March 2012 - 01:09 AM

Have a read here: http://techgyo.com/index.php/how-to-protect-your-router-from-getting-hacked/
Also have a read here: http://www.forbes.com/sites/firewall/2010/07/13/millions-of-home-routers-vulnerable-to-web-hack/

#3 Didier Stevens

  • BC Advisor
  • 2,685 posts
  • Gender:Male

Posted 09 March 2012 - 04:46 AM

> I'm guessing that if so passwords are the only protection for them, right?


Yes, routers can be compromised.
For example if they have a default password. Or a weak password.

But there are also routers with known vulnerabilities (bugs that can be exploited), which opens them up to attacks without needing to know the proper password.

Do you have a router you want to protect?

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 printerandink


Posted 10 March 2012 - 12:03 AM

Yup. I just found out they were a security risk too. I thought they were the opposite.

#5 Didier Stevens


Posted 10 March 2012 - 01:41 PM

OK, first find out if you are running the latest firmware. The way to do this is very different from model to model. Assuming you've a web interface to your router, browse through it to find this info.
If you are not, upgrade to the latest version. Make sure you select the right firmware for your router, because worst case you will "brick" your router: it will become completely unusable.



#6 cryptodan


Posted 10 March 2012 - 01:50 PM

Before the firmware upgrade, I would make sure to reset the router back to factory defaults via the reset button.

#7 Didier Stevens


Posted 10 March 2012 - 02:27 PM

> Before the firmware upgrade, I would make sure to reset the router back to factory defaults via the reset button.


I would do this only if the official firmware upgrade procedure requires it.
And if it does, make sure that:
1) you've written down all necessary configuration options, like ISP credentials, subnets, ...DHCP server settings, ...
2) don't connect the router to the Internet with its default password
3) look into your web interface if you can back up the configuration prior to resetting it



#8 Didier Stevens


Posted 10 March 2012 - 02:31 PM

FYI: you could have another option than upgrading your firmware, depending on the model of your router.

There are open source firmwares for routers, like dd-wrt.

But I would only recommend this if you feel absolutely comfortable tinkering with computers and network devices on a command line level.



#9 cryptodan


Posted 10 March 2012 - 02:38 PM

The reason I suggested the reset to factory defaults is to make sure that there is no malware in the router that could make it hackable again.

#10 Didier Stevens


Posted 10 March 2012 - 02:58 PM

> The reason I suggested the reset to factory defaults is to make sure that there is no malware in the router that could make it hackable again.


OK, I understand.

But if you suspect that there is malware in the router (i.e. that the router firmware has been altered to add malicious code), then there is no 100% guarantee that you will ever be able to remove this malicious code. Although resetting is a hardware signal, the reset to factory default is also done by code in the firmware, which can be altered too to circumvent this and allow the malicious code to persist.
Even upgrading is done by code in the firmware, which again, can be altered to circumvent this and allow the malicious code to persist.
The only way to fix this requires hardware intervention, which is beyond our scope.

Now if you suspect that there is a malicious configuration in the router (e.g. the DNS setting points to a malicious DNS server) but that the code itself (firmware) remains unaltered, then resetting will indeed remove these malicious configuration entries. But this is something that can be done with a careful review of all settings too.

printerandink, did you start this post because you think your router is hacked?

Edited by Didier Stevens, 10 March 2012 - 03:01 PM.

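An added example, not part of the original posts: one way to do the settings review described above is to compare a configuration backup taken earlier (as suggested in post #7) with the current export and flag changes such as a replaced DNS server. The key=value format, key names and addresses are constructed for illustration; real exports differ per router model.

```python
import ipaddress

# Constructed sample exports; key names are assumptions, real ones vary by model.
BACKUP = """wan_dns=192.0.2.53 192.0.2.54
lan_ipaddr=192.168.1.1
remote_management=0
"""
CURRENT = """wan_dns=203.0.113.66 192.0.2.54
lan_ipaddr=192.168.1.1
remote_management=1
port_forward_1=tcp 8080 192.168.1.1 80
"""
SENSITIVE = ("dns", "remote_management", "port_forward", "passwd")  # assumed names

def parse(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def untrusted_dns(value, trusted):
    """Return resolver entries that are not IP addresses from the trusted set."""
    def ok(token):
        try:
            return ipaddress.ip_address(token) in trusted
        except ValueError:
            return False  # not an IP address at all
    return [t for t in value.split() if not ok(t)]

def review(backup_text, current_text, trusted_dns):
    """Return (severity, key, old, new) for each setting that changed."""
    old, new = parse(backup_text), parse(current_text)
    trusted = {ipaddress.ip_address(a) for a in trusted_dns}
    findings = []
    for key in sorted(old.keys() | new.keys()):
        before, after = old.get(key), new.get(key)
        if before == after:
            continue
        severity = "review" if any(s in key for s in SENSITIVE) else "info"
        if "dns" in key and after and untrusted_dns(after, trusted):
            severity = "alert"  # resolver outside the list you expect from your ISP
        findings.append((severity, key, before, after))
    return findings

if __name__ == "__main__":
    for finding in review(BACKUP, CURRENT, ["192.0.2.53", "192.0.2.54"]):
        print(*finding)
```

As the post notes, this only helps when the firmware itself is unaltered: a modified firmware can report whatever settings it likes.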


#11 printerandink


Posted 16 March 2012 - 12:29 AM

No, I had wondered about this for a while and just wanted to know.

How would you even tell if it was compromised?

Edited by printerandink, 16 March 2012 - 12:30 AM.


#12 Didier Stevens


Posted 16 March 2012 - 03:12 PM

> How would you even tell if it was compromised?


Yeah, this can be a challenge. Example: psyb0t will disable telnet and ssh on your router.



#13 printerandink


Posted 16 March 2012 - 09:58 PM

Would this be more of a risk if someone else's pc, which has been VERY compromised in the past, were hooked to it at times even if no management of the router was done with that pc or even with that pc hooked up to it at the time of such management?

And how do you tell what ports to close?

Edited by printerandink, 16 March 2012 - 09:59 PM.


#14 Didier Stevens


Posted 17 March 2012 - 04:53 PM

> someone else's pc, which has been VERY compromised in the past


Do you mean it was infected when it was on the same network as your router, or was it clean when it was on the network?
And was your router the gateway for this infected PC?

Edited by Didier Stevens, 17 March 2012 - 04:55 PM.



#15 Yiddish

  • Banned Spammer
  • 48 posts

Posted 19 March 2012 - 11:30 PM

It cannot be, until and unless you reveal your password and not using weak password.



