
A few router safety questions


11 replies to this topic

#1 resertedlab (Members)

Posted 14 October 2016 - 09:07 AM

I checked a lot of information about possible router infection, but here are a few questions I still need to figure out ;)

1. I understand that if you bring an infected laptop to your home router, it (although rarely) can plant itself in the firmware and therefore infect the router itself. If the rest of your machines are well protected with antivirus and antimalware, could the infection spread via the router to your other devices? (Even if a home group exists, but you don't exchange any files.)

2. If someone figures out your router password (not the admin password, just the Wi-Fi connection password), could he steal/spy on your passwords, the sites you visit and so on? Also, can he do that from a distance, or does he need to be in range of the router?

3. If you use a router but your device is currently not connected to the Wi-Fi but plugged in with an internet cable (of the same internet connection), is your information still passing through the router, so it could therefore be stolen?

4. Are sites that use HTTPS (like Facebook and Gmail) safe/encrypted?

I am talking about a D-Link router in the current case ;)

 

Thanks again :)


Edited by resertedlab, 14 October 2016 - 09:17 AM.



#2 shelf life (Malware Response Team)

Posted 15 October 2016 - 02:20 PM

Here's what I think:

1) Malware can't flash a router's firmware. Viruses, worms and even scareware can possibly spread to connected machines on the LAN.

Routers can have vulnerabilities that could make them remotely accessible. If this were to happen, a successful hacker could have a field day.

2) Yes. If the router has been compromised, it's possible to do it remotely. With some software tools it can be done from within the wireless range of your router.

3) Yes.

4) I don't understand what you're asking here.

 


How Can I Reduce My Risk to Malware?


#3 resertedlab (Topic Starter)

Posted 15 October 2016 - 03:11 PM

shelf, good info :) I will just clarify a few things:

1. I never seem to understand this: if you do not exchange any files with the rest of the machines in the network, the only way I see it possible would be if the virus tricks you into installing some update to a fake program. But as long as you update only secure programs and have good antivirus, could a virus or any type of malicious software still manage to get through? My router itself was not compromised, but I connected a laptop I suspect was compromised to my home Wi-Fi network. All my other machines have firewalls, antivirus and Malwarebytes protection.

2. So if one is good enough and had access to my home network, he could now steal cookies/credentials and all types of network traffic even far away from the range of my router?

3. That cookie/credential stealing could still happen even if you are not connected through the Wi-Fi, but through the cable? (The network traffic you send through the cable still passes through the router, therefore it could be compromised; is that what you mean?)

4. I asked, if all this stealing is happening, are sites that use private credentials over HTTPS (like Facebook and Gmail, which are supposed to be encrypted) safe, or could a good enough hacker still manage to steal and use them?

Also, if someone steals your cookies and credentials from your browser (of your Facebook account, for example) and uses them on his device, will his IP and device get recognized, or will it seem as if it is just you who is logged in? I will try to explain: each week we download the data export of our company's Facebook page and check for unknown IPs or devices that have logged in. We use this security method to prevent someone messing around. If someone has stolen my network traffic, like cookies and credentials, and now has access to our Facebook page from his device and IP, but using the stolen credentials and cookies from my device, will the site recognize it as a new device, or will it not show his IP and device but only mine (that he stole)? I hope you can understand what I am asking here. Because I have tested, for example: when I switch from Wi-Fi to mobile network on my tablet, when we later download the data it shows that the session was updated, and shows the new IP.


Edited by resertedlab, 16 October 2016 - 02:15 AM.


#4 Didier Stevens (BC Advisor)

Posted 16 October 2016 - 07:10 AM

Router malware exists in-the-wild, not just as proof-of-concept.

 

Here is an example: https://isc.sans.edu/forums/diary/Linksys+Worm+TheMoon+Summary+What+we+know+so+far/17633/


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 shelf life (Malware Response Team)

Posted 16 October 2016 - 09:48 AM

I will try to answer your questions:

1. Some malware can spread from one machine to other machines on your LAN. Worms, for example, can replicate and spread through a network as-is. Of course, having updated AV and antimalware running on all of them could prevent this.

Routers can be attacked from the WAN-facing side also, as in the link Didier posted.

2. Yes.

3. Yes, if the attacker has control of your router, all traffic (except HTTPS) can be captured.

4. I believe HTTPS communications will be safe, as they are encrypted before going through the router. I could be wrong.

5. It would log the attacker's IP address, but any self-respecting hacker would be behind a SOCKS proxy, VPN, bot, or something else to hide the real IP.




#6 resertedlab (Topic Starter)

Posted 16 October 2016 - 12:06 PM

Thank you both, guys. Didier, it's good to know that. I could not find when this article was written; I mean, is it a new thing or is it already a couple of years old? I doubt my roommate was able to write or own such malware himself.

 

shelf, but even if he is using a hidden IP, it would still appear that a different IP from mine had logged in to my account, so I will take measures.

 

By the way, is it possible for someone to steal your IP address by any means?



#7 shelf life (Malware Response Team)

Posted 17 October 2016 - 04:33 PM

You mean steal your IP address? Your external IP is assigned by your ISP. IPs are part of every communication, and really little effort is needed to find someone's IP. An IP probably wouldn't be very useful to a hacker unless you were a specific target destined for probing.

More likely somebody would use an IP, for example if your router wasn't secure. Somebody else could jump on the Wi-Fi and use your bandwidth and IP. Or, in the case of malware, use your machine and IP for sending spam or as a proxy or for other activities. All the activity would appear to be coming from your IP address.




#8 resertedlab (Topic Starter)

Posted 18 October 2016 - 02:56 AM

Shelf, I fear that someone could log in to my Facebook account, for example, from a far distance using my own IP, so when I check for unknown logged-in IPs I will only see my own. I am talking about a person I once shared an apartment with, and I suspect he had physical access to my laptop. Of course I will now reinstall Windows, but since I never noticed any new device or IP logged in to my accounts in the last months, I wonder if, had he somehow been grabbing my cookies and stuff, his IP or any type of IP he uses would have shown up in my account registry. Now these questions probably sound crazy, but you still never met my ex-roommate.

#9 shelf life (Malware Response Team)

Posted 19 October 2016 - 07:15 PM

They can't log in from a distance with your IP.



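The IP question running through posts #3, #5 and #9 comes down to one check: a stolen cookie replayed from the attacker's own connection shows up in the page's session export under the attacker's address, not yours (unless, as post #7 describes, he is using your Wi-Fi or your machine as a proxy, in which case the address would be yours and this check would not fire). The following is an added example, not code from the thread or any of its participants, that automates the weekly review the topic starter describes: it walks a constructed session-activity export and flags any session id that reappears from a new address, rating a change of both address and client higher than the Wi-Fi-to-mobile switch the topic starter already observed on the tablet. The trusted ranges, session ids, addresses and client strings are assumptions (IP documentation ranges stand in for real ones).

```python
import ipaddress
from collections import defaultdict

# Assumed: address ranges the account owner normally connects from. Documentation
# ranges are used as stand-ins; substitute the real home/office ISP ranges.
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample of a session-activity export: (time, session id, client IP, client).
SAMPLE_EXPORT = [
    ("2016-10-10T08:00", "sess-a1", "203.0.113.7", "Firefox/49 Windows"),
    ("2016-10-10T09:30", "sess-a1", "203.0.113.7", "Firefox/49 Windows"),
    ("2016-10-11T21:05", "sess-b2", "203.0.113.9", "Chrome/53 Android"),  # tablet on home Wi-Fi
    ("2016-10-11T21:40", "sess-b2", "192.0.2.44", "Chrome/53 Android"),   # same tablet, mobile data
    ("2016-10-12T03:15", "sess-a1", "192.0.2.200", "Chrome/53 Linux"),    # stolen cookie replayed
]


def review_sessions(events, trusted=TRUSTED_NETWORKS):
    """Flag every reuse of a session id from an address not seen for it before.

    Returns findings in export order. A session id is the server-side name of the
    cookie, so two clients presenting it from different addresses is either a
    network change by the real user or a replayed (stolen) cookie; the client
    string and the trusted ranges separate the two cases well enough for review.
    """
    history = defaultdict(list)  # session id -> [(ip, client), ...] seen so far
    findings = []
    for when, sid, ip, client in events:
        addr = ipaddress.ip_address(ip)
        prior = history[sid]
        new_ip = bool(prior) and all(ip != p_ip for p_ip, _ in prior)
        if new_ip:
            new_client = all(client != p_client for _, p_client in prior)
            in_trusted = any(addr in net for net in trusted)
            if new_client:
                severity = "high"
                why = "session id reused from a new address by a different client"
            elif not in_trusted:
                severity = "medium"
                why = "same client, new untrusted address (Wi-Fi to mobile switch? verify)"
            else:
                severity = "low"
                why = "same client, new address inside a trusted range"
            findings.append({
                "when": when, "session_id": sid, "ip": ip,
                "first_seen_from": prior[0][0], "severity": severity, "why": why,
            })
        prior.append((ip, client))
    return findings


if __name__ == "__main__":
    for finding in review_sessions(SAMPLE_EXPORT):
        print(f"{finding['severity']:6} {finding['when']} {finding['session_id']} "
              f"{finding['first_seen_from']} -> {finding['ip']}: {finding['why']}")
```

On the sample export the tablet's move from Wi-Fi to mobile data is reported as medium (same client, new address) and the replayed sess-a1 cookie as high (new address and a different client). A high finding is the signal to invalidate that session and change the password; it says nothing about whether the attacker's address is his real one, since, as post #5 notes, it may be a proxy or VPN.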

#10 resertedlab (Topic Starter)

Posted 19 October 2016 - 10:54 PM

Ok, so the only possible way for them to use my IP from a distance would be if they somehow control my entire device remotely. That's what I wanted to know, thanks ;)

 

Just one more thing, since I failed to understand it clearly: if, let's say, someone logs in to my Wi-Fi network and compromises the Wi-Fi somehow, can he infect the rest of my devices (laptops, phones) that connect to the Wi-Fi? I know that the only way anything can be executed on a device is if the user executes it himself? I ask all this because I brought home a laptop that I suspect was physically compromised (not just infected with random malware). Although I found no traces of anything, I used reset to factory settings and now I am going to reinstall it, but I fear for the rest of the devices, including those of my family and loved ones that also log in to the same Wi-Fi. I will change my router as well, and I scanned the rest of the devices for viruses or malware and they seem to be clean. So basically, if someone remotely controlled my laptop after the abuse, are all the machines now in danger? (All are protected with Avast and Malwarebytes and scanned regularly.)


Edited by resertedlab, 19 October 2016 - 11:07 PM.


#11 shelf life (Malware Response Team)

Posted 21 October 2016 - 05:00 PM

It depends really on how skilled the hacker is. Script kiddies may just change the user settings; a more skilled hacker would own your network, capture traffic, and redirect your web browsing. If your AV and antimalware are coming up clean, then you are probably OK.

If you feel your connected devices have been compromised then you should consider reformatting and reinstalling the OS.




#12 resertedlab (Topic Starter)

Posted 21 October 2016 - 08:47 PM

Yes, the rest of the devices were fully scanned with all means possible (antimalware and antivirus, including the phones); nothing showed up. The router will be changed and the possibly compromised laptop reinstalled. Hopefully that's enough. Thank you for your time :)





