83% of the routers contain severe security issues

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Sep 29, 2018.

  1. Killer344

    Killer344 Active Member

    Messages:
    50
    Likes Received:
    0
    GPU:
    MSI 1080 TI GAMINGX
    Get an IQrouter, thank me later. It'll do a lot more than keep you safe.
     
  2. PrMinisterGR

    PrMinisterGR Ancient Guru

    Messages:
    7,821
    Likes Received:
    711
    GPU:
    Inno3D RTX 3090
    A router running Openwrt with Cake qos and Atheros wifi adapters. There is nothing like that, nobody should bother with anything else.
     
    insp1re2600 likes this.
  3. anticupidon

    anticupidon Ancient Guru

    Messages:
    6,082
    Likes Received:
    2,451
    GPU:
    Polaris/Vega/Navi
    Those who flashed DD-WRT on their router can sleep better?
    My pfSense box project is 95% finished, more reason to hurry up.
     
  4. Size_Mick

    Size_Mick Master Guru

    Messages:
    599
    Likes Received:
    369
    GPU:
    Asus GTX 1070 8GB
    It would be really helpful if the firmware updates that vendors provided were checked more thoroughly for bugs. More than once I've flashed a new firmware only to find that it breaks features of the router, and had to flash to an older version to make it fully functional. This has been across multiple brands popular with consumers.
     

  5. X7007

    X7007 Ancient Guru

    Messages:
    1,636
    Likes Received:
    38
    GPU:
    Sapphire 6900XT
    Or MikroTick hAP ac^2 router which have it all and you never need to restart it only when it updates, and it has a lot of update which gives improvements all the times, and it's tiny like a little watch box.
     
  6. Enizax

    Enizax Master Guru

    Messages:
    247
    Likes Received:
    0
    GPU:
    RTX 3090 TUF OC
    At this point, would the only way to be remotely secured to go full manual with something like a PFSense box?...
     
  7. anticupidon

    anticupidon Ancient Guru

    Messages:
    6,082
    Likes Received:
    2,451
    GPU:
    Polaris/Vega/Navi
    looks like it. even so, hardware firmware's could betray you.
    very few processors are truly open and have their internal software blobs audited for backdoors.
    paranoia never ever stops.
     
  8. antiseptic

    antiseptic Member

    Messages:
    26
    Likes Received:
    10
    GPU:
    Nvidia 750
    Actually, since its referring to only a selected group of routers, it is "of the routers" and not "of routers." "Of routers" implies all routers in existence, while "of the routers" implies only the routers selected for this study.
     
    airbud7 likes this.
  9. insp1re2600

    insp1re2600 Ancient Guru

    Messages:
    1,764
    Likes Received:
    719
    GPU:
    3090 Vision OC 24GB
    Only way you can trust your security is to secure it yourself.
     
    Enizax likes this.
  10. PrMinisterGR

    PrMinisterGR Ancient Guru

    Messages:
    7,821
    Likes Received:
    711
    GPU:
    Inno3D RTX 3090
    I would recommend openwrt over all of that, even if you have a dedicated box.
     

  11. Corrupt^

    Corrupt^ Ancient Guru

    Messages:
    7,060
    Likes Received:
    358
    GPU:
    Geforce RTX 3090 FE
    Honestly only your ISP knows... or maybe you if you can log into that thing.

    In Belgium the ISP's have the tendency to occasionally push firmware updates if it's a big issue or needed for upgrades in their own network. But no idea how they operate in other countries.

    Though for anyone tech savy enough to figure out networking basics, I'd always advise people to get a "dumb modem" from the ISP and make sure you get to configure your own router with the external IP address from the ISP. In some cases a modem isn't needed, some DSL providers use PPPoE and will allow you to initiate the session from your own router and use their existing gateway/router as a dumb modem/switch.

    For Coax modems, motorola usually designs a modem only model as well.

    In general if an ISP doesn't allow me to do this, my reaction is that they can go f' themselves. Though not everyone will have that luxury due to ISP's sometimes having a monopoly in certain areas.

    Honestly best practice would be offering both options openly. In Belgium we have 1 COAX ISP and we often have to nag endlessly to get a motorola modem-only model. I think ISP's should just be flat out forced to offer both options without question.

    A customer should be allowed to manage his own home internet properly. Obviously most normal users don't care, but the idea that I wouldn't be allowed to manage my own home network properly still baffles me.
     
    Last edited: Oct 2, 2018
    airbud7 likes this.
  12. sykozis

    sykozis Ancient Guru

    Messages:
    21,870
    Likes Received:
    1,081
    GPU:
    MSI RX5700
    My ISP requires that their supplied "modem/router" is used. There is no option for a simple "modem".....or, in my case, a simple "gateway" device. At least with the last place I lived, I could have wired by own router directly to the ONT if I didn't care to watch TV on occasion....or have a kid that likes to watch TV. I have found that my ISP almost never updates their supplied "modem/router".... The unit I turned in a couple weeks ago was still running the same firmware from 2 years ago. The unit I had before that was running 4+ year old firmware.

    It was nice to see my router on that list of tested routers. Also got an e-mail from Netgear that there was a new firmware update released for my router today. Not happy that the list of "vulnerability free" routers was not published.... This is now the second update for my Netgear router in the last 2 months.
     
  13. Corrupt^

    Corrupt^ Ancient Guru

    Messages:
    7,060
    Likes Received:
    358
    GPU:
    Geforce RTX 3090 FE
    You mean the TV boxes need their own seperate IP address from the ISP? That can often be done if you can configure separate VLAN's, etc on your own router.
     
  14. sykozis

    sykozis Ancient Guru

    Messages:
    21,870
    Likes Received:
    1,081
    GPU:
    MSI RX5700
    The ONT I had at my old place only allowed 1 connection to be active (according to all data I could find on it). Either the COAX, which required a MoCA bridge (which is built into the supplied "modem/router"), or the ethernet port. The "modem/router" could be replaced by a pair of MoCA bridges (again, according to all data I could find), but then TV service would not function (also, according to all data I could find). The new "ONT" doesn't support ethernet at all.... It's COAX only. All of the equipment installed by my ISP, is supposedly "custom made" for my ISP so they can force additional (read: unnecessary) equipment on customers. They charge $18/month for a STB and $10/month for the "modem/router"....so, why not force additional equipment on customers? That's extra money they can collect. I'm sure if they could figure out a way, they'd charge a "rental fee" for the ONT as well....
     
  15. Mateja

    Mateja Member Guru

    Messages:
    101
    Likes Received:
    12
    GPU:
    GeForce GT 640 12140MB
    and lo ~ I have a router update! thnx for the heads up! (even updated just a month ago).

    if anyone needs help do this:

    open file explorer (the folder icon on the taskbar)
    click "network" on the left
    in windows 10, my wifi router appears under "network infrastructure" as "R7000 (Gateway)"
    right click that > "view device webpage"
    if it's netgear, The user name is admin, and the password is password
    you may see a flag to update firmware at the top of that main page, if not,
    click "advanced" tab > click "administration" on the left > "router update"
    again, you should see update firmware, but if not click "check"
    let it take the time to update and reset your router (no internet for a minute while it resets)

    as for your cable modem, google your device model number. if it's like mine, it says that firmware updates are pushed by your ISP so no worries there :)

    other tips to maximize security:
    - there may be an option to auto update on your router page (expect to be kicked offline sometimes but who knows maybe it's smarter and knows your idle time like windows 10 updates now)
    - keep windows up to date (type 'check for updates' on windows 10 search bar) > click "check now" if they don't appear already
    - keep your pc up to date w/ manufacturer software (for me it's the "Lenovo vantage" windows 10 app. this pc updates its bios etc a lot)
    - use a wired connection directly from your cable modem to your newest PC (a new chipset that's designed to not have spectre and meltdown vulnerabilities etc).
     
    Last edited: Oct 2, 2018

  16. sykozis

    sykozis Ancient Guru

    Messages:
    21,870
    Likes Received:
    1,081
    GPU:
    MSI RX5700
    Plenty of reason to worry there. Not all ISPs actually bother with firmware updates. Like I said above, the ISP provided "modem/router" that I returned last month was still running on the same firmware as when I received it 2 years ago. The "modem/router" that it replaced was running on 4+ year old firmware.

    A wired connection directly to a broadband modem is NEVER a good idea. Consumer grade broadband modems lack security features necessary to protect a network, much less a PC. Meltdown and Spectre are NOT chipset vulnerabilities. They're CPU vulnerabilities. Intel would have to develop an entirely new CPU architecture to address the vulnerabilities correctly.

    Has Lenovo finally removed all of the spyware from their software?
     

Share This Page