While possible I can only see this affecting some of the Linux based routers where it is easy to flash in 3rd party firmware. This would be extremely hard to pull off being that you have to first detect the routers hardware revision and then upload the correct firmware for that hardware onto the device. The amount of space needed to store each type of firmware would be prohibitive of the attack let alone the number of different hardware revisions that exist due to manufactures constantly trying to make a cheaper product.

Is the implication here that
Is the implication here that most wireless routers allow administration over a WAN interface by default? That's simply not true...
WAN admin mode not needed...
From post:
Is the implication here that most wireless routers allow administration over a WAN interface by default? That's simply not true...
Response:
No, remote admin mode isn't needed since an infected router would be attacking another router by first joining that router's network (after having cracked WEP, if applicable, and then cracking the admin p/w to update the firmware on the router w/ code that self-replicates).
Not sure how feasible this is given the rather diverse array of routers out there (unlike the more monocultured Windows world). But a scary thought, nonetheless.
More than just possible, inevitable
Linux, WEP, encryption aside; it is surprising no one has reported it as happening YET.
True, the researchers throw it up as theoretical, but remember, the density of power in the modern electronics world makes even cracking a hard-to-breach system a thing of time, not possibility.
Companies and governments have had nets brought down by those who ignored the doubters. Ciscos and others have been brought down and compromised (shall we forget SNMP I, II, III problems?) before and not been Windows based. Our jobs exist because others are there to take even the best systems and turn them into Minced Meat.
It's all a matter of WHEN..... Not IF......
There is always a way to get in!
WLAN admin mode...
I think the poster may have meant WLAN admin mode. The APs I run all have admin mode disabled for WLAN interface and WAN interfaces. This reduces the attack vector to systems on the LAN interfaces.
If they're in that far - you're pretty much screwed.
Also, an infected router doesn't need to store firmware for many types - it could retrieve it from a centrally managed server "on demand" to infect systems.
All this bug really needs is a system to detect adjacent access points (many APs have this feature today) - scan the AP to detect kind and determine if it is one that it can compromise - fetch the applicable 3rd party firmware and then load it.
I would imagine that most clueless users (the ones who would put up a router with default config unsecured) would notice their system has been stung.
Owning their router would allow a remote packet sniffer to be run or optionally set up a packet mirror through a VPN tunnel to a listening post. Could also use the owned router to launch a directed attack at local systems on the LAN, as many users think the router is a full featured firewall that protects them from all the badness on the other side.
Pretty interesting research.
It's here because I have it now.
Is there any way to get rid of it and make my router safe again? What do I have to do? I have 3 computers on that router and am using an ATT DSL modem, which I think started it all.