Evaluation and article: Small/cheap routers not secure

Discussion in 'hardware' started by chimpsgotagun, Apr 19, 2013.

Thread Status:
Not open for further replies.
  1. chimpsgotagun

    chimpsgotagun Registered Member

    Joined:
    Dec 1, 2012
    Posts:
    55
    http://securityevaluators.com//content/case-studies/routers/soho_router_hacks.jsp

    http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/

    Have these been discussed already here? The article is just couple of days old. The evaluation studied 13 SOHO routers, but haven't yet revealed all the routers yet. Those that are revealed, were:

    Linksys WRT310Nv2
    Belkin F5D8236-4 v2
    Belkin N300
    Belkin N900
    Netgear WNDR4700
    TP-Link WR1043N
    Verizon Actiontec
    D-Link DIR-865L

    Here's some previous discussion on the topic:
    https://www.wilderssecurity.com/showthread.php?t=335838
     
    chimpsgotagun, Apr 19, 2013
    #1
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,219
    Incorrect. Even though that article is fairly sensationalist, it still highlights that most of the attacks require some form of human interaction, like a page with javascript thingie and whatnot, with your router credentials logged in and whatnot, including two local exploits with no interaction, and zero remote with no interaction. But local is unimportant.

    Bottom line, don't be logged into your router if you don't have to.
    Don't follow stupid links - always true, routers or not.

    Mrk
     
    Mrkvonic, Apr 19, 2013
    #2
  3. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    As a retired networking guy, I highly recommend that savvy networking users read the 'Recommendations for Device Administrators' section in the first Security Evaluators link posted by 'gotagun. :thumb: I find the advice given there to be accurate, relevant, and potentially important in the grand scheme of things. :)
     
    kdcdq, Apr 19, 2013
    #3
  4. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    I agree that the advice given is "accurate, relevant, and potentially important in the grand scheme of things" but I also agree the article is sensationalized because as noted by CNET, all of the routers tested had the exploitable remote access features disabled by default.

    Also note it says a "moderately skilled adversary with LAN or WLAN access." This means these routers can be hacked by someone you have already given access to your network. That's a HUGE distinction the study downplays because that means your next door neighbor who sees the RF signal of your network cannot hack your network, unless you open the doors first.

    This simply illustrates what unbiased security experts have been saying for years - the user (or in this case, the home network administrator) is ALWAYS the weakest link in security. Sure, we would like our hardware and software to be smarter than us and protect us from ourselves - but that typically results in a loss of control and options - something we humans don't normally like.

    And regardless, it totally ignores one simple fact, a computer behind a router is MUCH more secure than a computer direct connected to the Internet.
     
    Bill_Bright, Apr 20, 2013
    #4
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...