Re: [LUG] Routers was Re: [OT maybe] CVE-2016-5195 vs Amazon FireOS 5.6.2.0
- To: list@xxxxxxxxxxxxx
- Subject: Re: [LUG] Routers was Re: [OT maybe] CVE-2016-5195 vs Amazon FireOS 5.6.2.0
- From: Paul Sutton <zleap@xxxxxxxxx>
- Date: Tue, 24 Jul 2018 10:35:02 +0100
On 24/07/18 10:15, Simon Waters wrote:
> The problem with routers is market failure.
>
> It’s almost impossible to buy a broadband router which has decent security stance
> or updates, it is just it hasn’t been exploited much.
>
> The recent example would be the “VPNFilter” malware. This is malware that runs on
> a broad selection of SoHo routers that use Busybox on Linux as their OS.
>
> The innocuous name is one chosen by the authors, don’t be fooled this is almost
> certainly written by actors working for Russian Intelligence and is being used
> against the Ukraine.
>
> It can be used to target specific traffic, or to DDoS websites, or to brick
> vulnerable routers (I suspect bricking is there as a feature mostly to hide their
> tracks, why destroy your own bots).
>
> But it is just a symptom of a bigger problem. These aren’t deep hacks that only an
> intelligence agency could find, indeed some are patched already if you upgraded...
>
> But the manufacturers aren’t fixing issues generally. My TP-Link router was
> vulnerable to XSS via DHCP as per my post in Full Disclosure 2014(?). They’ve sent
> me a beta copy with a fudged fix for the issue, they’ve not yet released it for
> other TP-Link users. As far as I know they haven’t fixed the other issues I
> reported.
>
> But the other Security folk tell me their routers and manufacturers aren’t any
> better. I think some of the ISP managed routers are a bit better, but only because
> security folk tested them independently and BT and Virgin have buying power. And
> BT has abused their access to people’s routers, so not sure I’d recommend that
> route.
>
> As an end user there is little you can do. Sure keep it up to date, change the
> default password, avoid exposing the admin interface externally, will help.
>
> Changing the default IP address is probably a good idea for obscuring the
> vulnerabilities but we are stepping out of the typical end user’s comfort zone
> (heck we lost 90% of average users at login, let alone change password), and it’ll
> only stop those attackers after the low hanging fruit.
>
> We take the practical approach at work, we assume the router is compromised and
> engineer our use of the Internet to avoid trusting it, but realistically that only
> gets you so far. If it is being used to attack others, or if it is being used to
> target other devices in your house like a Smart TV (something say with microphone,
> cameras, or maybe something you enter your credit card details on...), simply
> keeping our work kit clean doesn’t stop all the issues of interest.
>
> As a buyer you can take security and patching into consideration, but once you’ve
> bought it is hard to influence anything.

Thanks for this, makes things a little clearer and that there is also
little I can do other than what I have done already.

There is an article in one of the recent Linux magazines saying the
biggest problem with things isn't that these problems are not being
fixed, but people are not patching their systems, which confirms what
you have said.

With the rise of Pi jams, tech jams, CoderDojos etc. is there a way we
can help the next generation? I think even just having this
conversation helps.

Paul

--
Paul Sutton
http://www.zleap.net
Friendi.ca :zleap@xxxxxxxxxxxxxxx
--
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq