Can a Router Cable/Wire be Affected or Infected by Malware?


16 replies to this topic

#1 atrueidiot

atrueidiot

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 08 October 2016 - 03:14 PM

I know if you suspect or have confirmed malware in your router that you should reset it to factory defaults.  Can malware actually make it so that you CAN'T reset to factory defaults?
 
Or, say, even if you reset it, there will still be some lingering malware inside the router?
 
Thanks.  




#2 atrueidiot


Posted 08 October 2016 - 03:25 PM

I know a router can be harmed by malware, but what about a router's Ethernet cable/wire?

 

Can the cable/wire itself be infected or affected by malware? (I'm wondering if I should throw my cable out and buy a new one if so, since I very likely had malware in my network?)

 

 

I also posted the same question here at Stack Exchange:

http://security.stackexchange.com/questions/139181/can-a-router-cable-wire-be-affected-or-infected-by-malware?noredirect=1#comment260153_139181

 

I got back this response:

 

 

 

No, for current network cables this won't be the case.

That said, don't rule this out on future cables which contain tiny microchips, like some of the Apple charging cables which have authenticator chips hidden in them. As time goes on these will have more features and more potential to be used in attacks. For now, though, you have nothing at all to worry about.


Edited by atrueidiot, 08 October 2016 - 03:27 PM.


#3 atrueidiot


Posted 08 October 2016 - 03:29 PM

If I also have an iPad that needs to be reset, does that mean the iPad's charger cable could also have malware?  If so, would I need to throw it away and buy a new one to be safe?


Edited by atrueidiot, 08 October 2016 - 03:29 PM.


#4 Animal

Animal

    Bleepin' Animinion


  • Members
  • 35,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:06:39 AM

Posted 08 October 2016 - 03:37 PM

True wire and end connector Ethernet cables cannot store and execute malware. There is no place for the payload to be stored or executed from. It is merely a copper-based pathway from one point to another.

As for the iPad charger, I would not be surprised if someone somewhere has created a proof-of-concept scenario. But as for viability or actual in-the-wild cases, I'm quite certain they do not exist at this time.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)




#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:39 PM

Posted 08 October 2016 - 04:07 PM

From what I understand about the chips in Apple's lightning cable, they can only communicate with the Apple device on the lightning connector (iPhone/iPad), not with the device on the USB connector (Mac, PC, ...).

 

So in theory, malware on your PC can not directly affect your lightning cable.


Edited by Didier Stevens, 08 October 2016 - 05:51 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 Didier Stevens


Posted 08 October 2016 - 04:17 PM

When consumer routers are factory reset, it's all the settings that are reset to a default value. But the firmware (the programs) on the router is not reset.

So if you have an infected router that has been programmed with malicious firmware, then doing a factory reset will not remove the malware.

 

You could install the latest firmware to overwrite the malicious firmware, but since the firmware upgrade is almost always done by the running firmware, then sophisticated malicious firmware can tamper with the firmware upgrade and persist.

 

But if we are just talking about a compromised router where the DNS settings have been changed to point to a malicious DNS server (without malicious code running on the router), then a factory reset will also reset the DNS settings.




#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:39 AM

Posted 09 October 2016 - 06:41 AM

Since your other topic was related to this one, I have merged them together.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 atrueidiot


Posted 12 October 2016 - 07:20 PM

When consumer routers are factory reset, it's all the settings that are reset to a default value. But the firmware (the programs) on the router is not reset.

So if you have an infected router that has been programmed with malicious firmware, then doing a factory reset will not remove the malware.

 

You could install the latest firmware to overwrite the malicious firmware, but since the firmware upgrade is almost always done by the running firmware, then sophisticated malicious firmware can tamper with the firmware upgrade and persist.

 

But if we are just talking about a compromised router where the DNS settings have been changed to point to a malicious DNS server (without malicious code running on the router), then a factory reset will also reset the DNS settings.

How would a person know which type of problem she or he has?

 

Is there some type of router firmware that could be so malicious that it would block any attempts to remove it?  

 

What can a person do?  Buy a new router?



#9 Didier Stevens


Posted 13 October 2016 - 06:23 AM

Checking your DNS settings is easy: you log on to the management page of your router and you check the DNS settings (IP addresses of the DNS servers).
 

Checking for malicious code on a SOHO router is very hard to do, and often impossible because they don't have the required management interfaces.

 

Do you have a specific concern with your router, or are you just interested in this topic?




#10 atrueidiot


Posted 14 October 2016 - 08:02 PM

Checking your DNS settings is easy: you log on to the management page of your router and you check the DNS settings (IP addresses of the DNS servers).
 

Checking for malicious code on a SOHO router is very hard to do, and often impossible because they don't have the required management interfaces.

 

Do you have a specific concern with your router, or are you just interested in this topic?

 

I posted a long question on Bleeping Computer a while back, but it seemed to either not actually get posted or got deleted.  I had concerns about my home network having been compromised and all devices on it potentially having malware:

 

http://www.techist.com/forums/f51/did-malware-hackers-infect-my-entire-household-need-help-278311/ (Techist)

http://www.computerforums.org/forums/cyber-safety-computer-security/did-malware-infect-my-entire-household-need-help-experts-228229.html (Computer Forums)
http://security.stackexchange.com/questions/138546/did-malware-infect-my-entire-household-need-help/138547 (Stack Exchange)

 

Above are copies of that exact question asked in other online forums (I also asked the same question on other sites too, but only posted three that I frequent the most), along with answers/discussion I received back.  It was a long question and probably not reader friendly to post in entirety here in the comments section.  If you wouldn't mind, I'd love for you (and/or others) to read it and see if you all had any unique feedback?

 

The issue about router firmware malware mentioned in this thread was not mentioned in any other thread.  So that was a unique concern that popped up for me. 

 

I do actually fear I might have something like that.  My router didn't have a secure, customized password for 4 straight months and I also went on a popular porn website that is known for malware and believe I got infected with something afterwards (all of this is detailed in the thread links I posted above). 

 

My question was:  If there is a very malicious type of bug in my router, is there any way that it might be so malicious that it'd block attempts to get rid of it?  And, if so, would that mean I'd have to throw away the current Verizon Fios router and buy a new one to be safe?  ...Actually, would buying a new one even make it safe????!

 

Thank you again.

 

-atrueidiot


Edited by atrueidiot, 14 October 2016 - 08:21 PM.


#11 Animal


Posted 15 October 2016 - 01:06 PM

I posted a long question on Bleeping Computer a while back, but it seemed to either not actually get posted or got deleted.


As of this reply I see that you have 5 posts attributed to you, which is shown under your avatar.

Those would all be in this thread. Being posts 1, 2, 3, 8 and 10.

As quietman7 noted in reply #7 he did merge one of your posts into this thread as it was all related. Is that possibly what you might be thinking of as being a different post or topic you made here at BleepingComputer?



#12 Didier Stevens


Posted 16 October 2016 - 06:35 AM

I don't find mentions of malware for the Fios router firmware online. And only one XSS CVE.

So I would not worry about compromised firmware for the Fios router.

 

Regarding compromised DNS settings:

Verizon has some good info on DNS changing malware:

https://www.verizon.com/support/residential/internet/fiosinternet/general+support/security/questionsone/dnsmalware.htm

https://www.verizon.com/support/residential/internet/fiosinternet/general+support/security/questionsone/dnsmalware2.htm


Edited by Didier Stevens, 16 October 2016 - 06:53 AM.



#13 resertedlab

resertedlab

  • Members
  • 143 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 16 October 2016 - 07:52 PM

Didier, are you aware if such router malware can transpass from an Android device? We now know that there is malware that compromises both Android and Windows OS, but is it possible for your compromised Android phone, connected to the router, to execute such malware? Or is the known router malware/malicious stuff only intercepted from Windows OS?



#14 Didier Stevens


Posted 17 October 2016 - 02:52 AM

No, I don't know.




#15 atrueidiot


Posted 21 October 2016 - 08:16 AM

Well, I'm buying a NEW router just to be safe.  I had to read tons of online stuff about router and modem malware and the stuff I found at Stack Exchange said that it would be easiest to just buy a new device:

http://security.stackexchange.com/questions/138418/how-do-i-deal-with-a-compromised-network-device

 

b/c fixing an infected one would be kind of a pain.  For a non-computer person like me, I'd be scared I could mess something up.  New router ultimately was the solution for me and my house.

Thanks to everyone for their help thus far!  

I had a final question regarding my home malware infection that I posted here:  

http://security.stackexchange.com/questions/138418/how-do-i-deal-with-a-compromised-network-device





