- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
cross-posted from: https://rss.ponder.cat/post/193175
Thousands of home and small office routers manufactured by Asus are being infected with a stealthy backdoor that can survive reboots and firmware updates in an attack by a nation-state or another well-resourced threat actor, researchers said.
The unknown attackers gain access to the devices by exploiting now-patched vulnerabilities, some of which have never been tracked through the internationally recognized CVE system. After gaining unauthorized administrative control of the devices, the threat actor installs a public encryption key for access to the device through SSH. From then on, anyone with the private key can automatically log in to the device with administrative system rights.
Durable control
“The attacker’s access survives both reboots and firmware updates, giving them durable control over affected devices,” researchers from security firm GreyNoise reported Wednesday. “The attacker maintains long-term access without dropping malware or leaving obvious traces by chaining authentication bypasses, exploiting a known vulnerability, and abusing legitimate configuration features.”
From Ars Technica - All content via this RSS feed
You must log in or register to comment.
I didn’t read the article, but how does one know if they have the infection?
My router is updated.
The real issue with this is actually allowing bad actors having a free ddos network. And this ddos network is spread across nations and across all kind of legit IPs. No cloud ranges. Etc.
Meaning it’s very hard to detect or block.
People still on Windows 10 by next year: I never got a virus.
Bro, you never got a virus that you know of.
If you have blocked so that access to your router is only through the local network, would it still be possible for hackers to gain access?
(Where the attack vector point STARTS with the router, I am fullt aware you can infect a machine and connect to the router that way)
Yes; they’re using exploits to do so.
Wondering same thing. Allowing web interface access via wan has proven to be unwise in general.
Also wondering if DDWRT has the vulnerabilities?
Seems a bit over blown. Looks like firmware update and config reset should close the issue.
Maybe it will survive firmware update. But of course it won’t survive flashing it with a new openwrt image.
it seems it’s because the modem has hidden SSH settings that is stored together alongside your user settings although it is not accessible from your admin panel. So flashing openWRT would also override those settings anyways (even if it does not, those old settings means nothing to openWRT)
