
Is there any easy way to check if your router is vulnerable/compromised? Or instructions for disinfecting it as well as patching it?

Like, based on actually being exploitable or compromised, not firmware versions or whatever.

I actually suspect mine is compromised, it's been behaving funny for a month or two, needing to be restarted a lot. (Which, ironically, is a signal of a _buggy_ compromise; your router could of course be compromised and you'd never know it if the malware was well-behaved enough to stay out of the way of your usual use).

I can (painfully) update the firmware... but I don't trust that the vendor's most recent firmware actually solves it. Nor do I trust that once compromised a firmware update is enough to eliminate the malware.

For such a widespread compromise... we could use more user-friendly (or even relatively techy but not a network engineer user-friendly) instructions for... what to do.

I guess the reality is that most (non-techy) users, if they notice at all (due to malware that buggily causes things not to work well for intended uses, instead of staying out of the way), will just decide their equipment is "broken", throw it out and buy new stuff... that hopefully won't get compromised again. Which I guess works for the consumer network hardware vendors.



If I were you I'd check to see if your router can run one of the several open source firmware packages like OpenWRT, dd-wrt, or Tomato. In my personal experience the OpenWRT/lede team is on top of security issues, and the router web interface and tooling is completely fine.

I'd be confident that flashing your device with modern open source firmware would solve the problem, but if you're paranoid just recycle the device and get a new one. In any event, I don't see a solution for you that doesn't involve some homework.


In general, I am cautious of running my own open source thing without being an expert in the relevant area (or interested in becoming one) -- having to put something together (and maintain it) yourself seldom, in my experience, ends up _more_ secure or _more_ maintainable, when you don't know what you're doing.

However, routers may be an exception. Apparently the industry has basically no business motivation to keep consumer-grade networking hardware secure, at all. Irrelevant to their profits or reputation.

I'll consider it. When I bought my router I intentionally got one that can run OpenWRT, but never ended up installing it, because, who's got time for that? But perhaps there isn't really an alternative, unless you want a bot-net-ed router. Which honestly, and with shame, I'd just ignore the botnet sending out spam to other people if I didn't think it was compromising the functionality (and security) of my router for me. Last thing I wanna do is spend time becoming a network engineer after a day of getting paid to write software, but I guess that's where we're at.

(Oh crap, I just realized it could be my DSL modem instead of or in addition to my (wired and wifi) router. I know even LESS about that thing. I think none of these consumer products, owned by people who know a lot less than me, are ever gonna be protected, if even I am intimidated by trying to figure it out).


You're going to have to upgrade your firmware anyway, so why not upgrade to something that actually cares about basic functionality?

Some people unused to open source solutions sometimes have this idea that all software developed by enthusiasts by necessity is hard to use or require tinkering, but that's not a fair picture. When developers share your interests, that's when software gets usable. That interest might not always be UI, but sometimes it is.

OpenWRT (and friends!) is clearly much easier to use and delivers richer functionality than any of the software it replaces. If your router is listed as supported, go for it.


The good reviews of OpenWRT help. The caution is mostly because it's unclear to me how hard it would be to switch it back. But yeah, probably will.


Not to mention the idea that you might bork your router during installation and have no internet, therefore no way to install the old fw version.


It may not be as hard as you think. Doing a little homework, flashing the router with the OpenWRT firmware, and getting a basic config up and running should take most folks an afternoon. If you already understand concepts like CIDR addressing, DNS, DHCP, and NAT then it's an hour tops.

OpenWRT is not a pain to use -- it's not all that different than the web GUI that ships with most routers.


Another option is to buy a pre-configured router from someone like FlashRouters.com (not affiliated, but a customer).

They provide routers with DD-WRT or Tomato pre-installed. Yes, you should probably know how to update your router at some point in the future, but your starting point is probably much safer than depending on the poorly-tested and heavily-exploited factory firmware.


I’d recommend swapping out your consumer grade router for a commercial packaged version of pfSense. Just as easy to set up as most consumer grade routers and it auto-updates (if you want) and has a decently secure base. Sure, you’ll spend $50 more, but isn’t the peace of mind worth it?


Yeah, you can start by resetting the NVRAM of the router (30-30-30 reset), then get a flash chip clip, read the data off the router flash using a Raspberry Pi, and compare it to the firmware binary from the router manufacturer's website.
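The flash-dump comparison described in the comment above, worked through as an added example (it is not code from the thread, the article, or any vendor tool). It assumes the dump was read with flashrom's linux_spi programmer on a Raspberry Pi wired to the SPI flash with a clip, that vendor.bin is the image the manufacturer publishes, and that the vendor image is written verbatim into flash after the bootloader. File names, the partition layout, and every sample byte in the demo are constructed for illustration. The caveat a practitioner would want: the bootloader before the image and the NVRAM or writable overlay after it legitimately differ from the vendor file, so only the region the vendor image covers is compared, and a vendor image that carries a trailer or checksum that never reaches flash will show a mismatch at its tail even on an untouched device.

```python
"""Compare a raw flash dump against the vendor firmware image.

Added example, not from the thread. Assumes the dump came from something
like `flashrom -p linux_spi:dev=/dev/spidev0.0 -r dump.bin` on a
Raspberry Pi clipped onto the SPI flash, and that vendor.bin is the image
the manufacturer publishes. File names, the partition layout and all
sample bytes below are constructed for illustration.
"""
import hashlib
import sys


def locate_image(dump: bytes, image: bytes, probe_len: int = 512) -> int:
    """Offset of the vendor image inside the dump, or -1 if not present.

    Only the first probe_len bytes (header + start of kernel) are searched
    for, so an image with a tampered body is still located and then diffed.
    """
    return dump.find(image[:probe_len])


def diff_ranges(dump: bytes, image: bytes, offset: int, max_ranges: int = 20):
    """Absolute [start, end) ranges in the dump where it differs from image."""
    region = dump[offset:offset + len(image)]
    if len(region) < len(image):
        raise ValueError("dump ends before the vendor image does")
    ranges = []
    start = None
    for i, (got, want) in enumerate(zip(region, image)):
        if got != want:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((offset + start, offset + i))
            start = None
            if len(ranges) >= max_ranges:
                return ranges
    if start is not None:
        ranges.append((offset + start, offset + len(image)))
    return ranges


def verify_dump(dump: bytes, image: bytes) -> dict:
    """Locate the vendor image in the dump and report whether it is intact.

    The bootloader before the image and the NVRAM/overlay partitions after
    it are expected to differ from the vendor file and are not compared.
    """
    offset = locate_image(dump, image)
    if offset < 0:
        return {"found": False, "offset": -1, "clean": False, "mismatches": []}
    mismatches = diff_ranges(dump, image, offset)
    flashed = dump[offset:offset + len(image)]
    return {
        "found": True,
        "offset": offset,
        "clean": not mismatches,
        "mismatches": mismatches,
        "image_sha256": hashlib.sha256(image).hexdigest(),
        "flashed_sha256": hashlib.sha256(flashed).hexdigest(),
    }


def demo_dump_and_image():
    """Constructed sample: bootloader + vendor image + erased NVRAM, plus a
    copy with one byte patched inside the image as a tampered-flash stand-in."""
    bootloader = b"U-Boot\x00" + bytes(range(256)) * 8           # 2055 bytes
    image = b"HDR0" + bytes((i * 7) % 251 for i in range(4096))   # 4100 bytes
    nvram = b"\xff" * 1024                                        # erased flash
    clean = bootloader + image + nvram
    tampered = bytearray(clean)
    tampered[len(bootloader) + 2048] ^= 0x55                      # flip one byte
    return clean, bytes(tampered), image


if __name__ == "__main__":
    if len(sys.argv) == 3:                      # python3 cmp.py dump.bin vendor.bin
        with open(sys.argv[1], "rb") as f:
            dump = f.read()
        with open(sys.argv[2], "rb") as f:
            image = f.read()
    else:                                       # no files given: run the demo
        dump, _, image = demo_dump_and_image()
    report = verify_dump(dump, image)
    print("intact" if report["clean"] else "MISMATCH", report)
```

Run it as `python3 cmp.py dump.bin vendor.bin`; with no arguments it runs against the constructed demo data. A mismatch range that starts at the very end of the image is most likely a trailer that is not written to flash; anything inside the kernel or root filesystem region deserves a closer look with a hex viewer before the device goes back on the network.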


> user-friendly (or even relatively techy but not a network engineer user-friendly) instructions for... what to do.

I am an experienced SWE and this is not something I can do without setting aside a day or two to investigate all the tools and purchase an RPi.


This is the reason IOT security should be enforced by law.

Oh, you sold a piece of shit insecure WiFi lightbulb that's mining bitcoin, here's a fine for every penny you made.


If you wanted to see whether you could potentially be targeted by this botnet then you can check Shodan (https://www.shodan.io). Just enter your IP address in the search box and if your network has any services exposed to the Internet you will see them.


Google your router model - see if it's Broadcom based. See if you're running the UPnP service. I wish this article gave out more info - I want to know what versions of the service are affected.
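One way to answer "am I running the UPnP service, and which stack and version is it?" from a machine on the LAN, as an added example (not code from the thread or from the article it discusses). It sends the standard SSDP M-SEARCH from the UPnP Device Architecture and parses the SERVER header of each reply, which is where stacks normally announce themselves as "OS/version UPnP/1.0 product/version". SAMPLE_REPLY is a constructed reply, with made-up product names and addresses, so the parser runs offline. This complements the Shodan check in the comment above rather than replacing it: a reply here only shows UPnP listening on the LAN side, and Shodan is what tells you whether the same service also answers on your public address.

```python
"""Probe the LAN for UPnP devices and pull the SERVER string out of each reply.

Added example, not from the thread or the article it discusses. The SSDP
M-SEARCH exchange and header names come from the UPnP Device Architecture;
SAMPLE_REPLY is a constructed reply (made-up product names and addresses)
so the parser can be exercised offline.
"""
import re
import socket

SSDP_GROUP = ("239.255.255.250", 1900)
MSEARCH = (
    "M-SEARCH * HTTP/1.1\r\n"
    "HOST: 239.255.255.250:1900\r\n"
    'MAN: "ssdp:discover"\r\n'
    "MX: 2\r\n"
    "ST: upnp:rootdevice\r\n"
    "\r\n"
).encode("ascii")

# Constructed sample reply: product names, UUID and addresses are made up.
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=120\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
    b"EXT:\r\n"
    b"SERVER: Linux/2.6, UPnP/1.0, ExampleSDK/1.2\r\n"
    b"LOCATION: http://192.168.1.1:1900/rootDesc.xml\r\n"
    b"\r\n"
)


def parse_ssdp_response(raw: bytes) -> dict:
    """Turn a '200 OK' SSDP reply into a dict of lower-cased headers.

    Anything that is not a 200 response (NOTIFY announcements, other hosts'
    M-SEARCH packets seen on the multicast group) yields {}.
    """
    text = raw.decode("latin-1")
    head, _, _ = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return {}
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def server_products(headers: dict) -> list:
    """Split the SERVER header into (product, version) pairs.

    The spec says 'OS/version UPnP/1.0 product/version'; real stacks also
    separate with commas, so match name/version tokens regardless of separator.
    """
    return re.findall(r"([A-Za-z][\w.+-]*)/([\w.-]+)", headers.get("server", ""))


def discover(timeout: float = 2.0) -> dict:
    """Multicast one M-SEARCH and collect parsed replies keyed by source IP.

    A reply only shows UPnP answering on the LAN side; whether it also answers
    on the WAN side is what an external check such as Shodan tells you.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout)
    sock.sendto(MSEARCH, SSDP_GROUP)
    found = {}
    try:
        while True:
            data, (ip, _port) = sock.recvfrom(65535)
            headers = parse_ssdp_response(data)
            if headers:
                found.setdefault(ip, []).append(headers)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return found


if __name__ == "__main__":
    for ip, replies in discover().items():
        for h in replies:
            print(ip, h.get("location", "?"), server_products(h))
```

Run it from a laptop on the router's LAN; each line printed is one responding device, its description URL, and the product/version pairs from its SERVER header. The LOCATION URL points at the device description XML, which usually names the model and firmware more precisely than the SERVER string does, if you want to go one step further by hand.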



