Many Home Routers Compromised! (Warning)

All of those things would require a network connection to the outside world. As soon as any app tried to call home like that, my network monitor (Little Snitch) would make it ask for permission. Something I didn't grant network permission to would get my attention by asking and alert me to take action.
Hey, then you can't say you're unprotected! Little Snitch does its job well, and having a Mac reduces your chances of being attacked.
 
My understanding of this malware is that it captures the network traffic, so while it may not infect your PC directly, it's redirecting the network packets.
It really is far easier to reset your router password and preferably with a mnemonic pass phrase.
Plus if your router is 5 or more years old, it's more than a good idea to update.
 
For those who have ASUS routers, there are firmware updates available from 3rd party sources. Specifically Merlin based firmware. It's updated much more often than ASUS does and has more features. I've been using it on my ASUS RT-AC68U router for around 2 years now without issues.
 
Although this current concern is mainly with older routers, any computer or device connected to the 'net is always at risk. That's always been true, but these days hackers and other nasty sorts are out there, and sooner or later, something will nail you. And I think the notion that restarting or rebooting a router alone is any kind of fix is a fool's notion; at best it might delay the inevitable if someone really wants to target your model, regardless of vintage.

Like pulling out of your driveway, simply getting on the internet highway carries considerable risk of hassles regardless of how safe you try to be.


ED :)
 
For those who have ASUS routers, there are firmware updates available from 3rd party sources. Specifically Merlin based firmware. It's updated much more often than ASUS does and has more features. I've been using it on my ASUS RT-AC68U router for around 2 years now without issues.

I really like Merlin, but the most recent update for the RT-AC66U was said to be the last...and was released before the recent news.

(I know, you're talking about the 68, but I've got a 66 that still works for me.)
 
Network stuff is almost a separate discipline from computing these days. Lots of information to keep up with. I'm pretty sure I'm a bit deficient with that too!

I still think this SOP is secure on the computer end:
Run a network monitor.
Make a master backup clone disk image file for your current OS install when you build it.
Keep a clone backup on a live volume for scheduled backups.
Recovery from anything you screwed up and allowed through the network monitor is by overwriting from the backup clone.
Recovery from missing something screwing up your backup clone is to overwrite from the master disk image.

My analogy of using malware detection software is like leaving your house unlocked during the day and having to check all the rooms for axe murderers every time you come home. Using a network monitor app is like locking your door. So anti-virus apps are not effective and are a wrong solution IMHO.

But now stuff living in router and other network equipment firmware ram...
Christ...

I'm also aware that with the modular nature of software, everything isn't always so simple or as it appears!
Take this example from the procedure to download and make an installer for the latest OSX (10.13):
You have to do a lot of manual work for this now (Windows-esque territory we've devolved into with OSX recently). One part is editing your hosts file to spoof downloading a package that you have already manually downloaded to your local file system (in order to use one of their utilities to put the pieces together and sign it). All well and good with that but note the data point that you can edit some OS files/preferences to spoof where a download is coming from!

I still feel more or less tech savvy but this is getting deeper all the time. And now with the demise of OSX on the horizon it's going to be time to get even more DIY with Linux. So much for anything getting simpler as we progress with this. Pretty much the polar opposite. Anyone who still just takes this stuff out of the box and clicks on the autopilot features... Oh boy...
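
The hosts-file observation in the post above, as an added example that is not part of the original post: a small Python audit that parses hosts-file text and lists every entry that overrides where a name resolves. The sample content, hostnames and addresses are constructed, and the list of default names is an assumption about a stock hosts file.

```python
import ipaddress

# Assumed set of names a stock hosts file carries; anything else is an override.
DEFAULT_NAMES = {"localhost", "broadcasthost", "ip6-localhost", "ip6-loopback",
                 "ip6-allnodes", "ip6-allrouters"}

def parse_hosts(text):
    """Yield (line_no, address, [names]) for each valid entry in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                             # an address with no name is not an entry
        try:
            # Strip an IPv6 zone id such as %lo0 before parsing the address.
            addr = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue                             # malformed address, skip the line
        yield line_no, addr, [name.lower() for name in fields[1:]]

def audit_hosts(text):
    """Return (line_no, name, address, kind) for every non-default name."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        for name in names:
            if name in DEFAULT_NAMES:
                continue
            # "local": the name is answered by this machine instead of the real host.
            # "remote": the name is pinned to an address chosen by whoever edited the file.
            kind = "local" if addr.is_loopback or addr.is_unspecified else "remote"
            findings.append((line_no, name, str(addr), kind))
    return findings

# Constructed sample; hostnames and addresses are placeholders.
SAMPLE = """\
127.0.0.1   localhost
255.255.255.255 broadcasthost
::1         localhost
fe80::1%lo0 localhost
127.0.0.1   downloads.example.com   # installer workaround left behind
203.0.113.7 updates.example.net www.example.net
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To audit a real machine, pass the contents of `/etc/hosts` to `audit_hosts` and review each finding against changes you remember making.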
 
My analogy of using malware detection software is like leaving your house unlocked during the day and having to check all the rooms for axe murderers every time you come home. Using a network monitor app is like locking your door. So anti-virus apps are not effective and are a wrong solution IMHO.
In keeping with your analogy, the anti-virus removes the axe murderer that got in your house. You still want it, but it is part of the solution, not one by itself.
MAC layer IP assignments instead of DHCP on your router to reduce the risk of foreign devices on your network.
Network monitoring
Anti-Virus
Safe surfing
Strong passwords
Changing passwords frequently, don't believe substituting numbers for letters fools or hinders anyone.
current patching
do not use the same password for any site
I can go on but you can see, staying safe is no longer a spectator sport like when we used BBS via modem.
Of course this does little to mitigate the issue when your router gets compromised and outbound packets are intercepted.
 
I wasn't sure if there was enough interest to justify a separate thread....so if the Mods want to move this...that's fine....there is an indirect connection to the topic discussed here....another device has been compromised HERE
 
After reading several buyers guides and customer reviews, I purchased a Synology RT2600ac. Like I had mentioned before, my router is an old Vizio that has never been updated AFAIK. Incidentally, with one of these Synology routers you can attach external drives to them via USB and have the equivalent of NAS.
 