FBI Suggests Rebooting Your Router - Any More Information?

Joined
Jan 20, 2012
Messages
5,067
Reaction score
429
Points
83
Location
North Carolina
Your Mac's Specs
Air M2 ('22) OS 14.3; M3 iMac ('23) OS 14.3; iPad Pro; iPhone 14
Hello All - this morning in both the newspapers I read (local + USA Today), articles appeared about the FBI suggesting that all should reboot their routers - more HERE - not sure if all brands of routers are potentially affected and whether a router's age/firmware have an impact?

For myself, I have an older Apple AirPort Extreme (firmware updated as far as possible) that was purchased in 2013 - I'm sure many have seen this story and suggestion - just returned from a short vacation and typically turn my router off when away, so rebooted on Monday - any comments would be of interest - thanks. Dave :)
 

IWT


Joined
Jan 23, 2009
Messages
10,273
Reaction score
2,216
Points
113
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
M2 Max Studio Extra, 32GB memory, 4TB, Sonoma 14.4.1 Apple 5K Retina Studio Monitor
Hi Dave.

As far as I can see, this seems only to apply to the USA; or put another way, I've not yet come across any articles of a similar nature in the British press and media.

Reading your linked article implies that rebooting/restarting the Router is of limited assistance and that a total reset is advised - with the resultant nightmare of reconfiguring all your settings. A change of Password (PW) is mentioned too.

Ian
 

Raz0rEdge

Well-known member
Staff member
Moderator
Joined
Jul 17, 2009
Messages
15,762
Reaction score
2,100
Points
113
Location
MA
Your Mac's Specs
2022 Mac Studio M1 Max, 2023 M2 MBA
The article is missing a lot of technical details, but this likely affects older routers that didn't require people to change the default passwords allowing people to potentially install/run malware on it. However, I'm confused by the recommendation to reboot which will somehow magically fix issues. Beyond getting you a new IP address, the reboot doesn't do any sort of cleaning or anything.
 
Joined
Jan 1, 2009
Messages
15,494
Reaction score
3,853
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
Well, the article does say that routers in 54 countries are affected, so there is that. But then again, it also says that rebooting the router is unlikely to fix the issue if the router has a problem. I cannot figure out what the value of rebooting the router might conceivably be.
 
OP
RadDave
Thanks Guys for your comments - I agree about rebooting the router, i.e. don't understand its value since the presumed attached computers are the potential victims - also, seems that routers left by their owners w/ their 'default' passwords are more vulnerable, which may impact more on the usual named brands? Not sure if Apple's AirPort line of routers are affected? Dave :)
 
Joined
Oct 16, 2010
Messages
17,527
Reaction score
1,561
Points
113
Location
Brentwood Bay, BC, Canada
Your Mac's Specs
2011 27" iMac, 1TB(partitioned) SSD, 20GB, OS X 10.11.6 El Capitan
"Beyond getting you a new IP address, the reboot doesn't do any sort of cleaning or anything."
"I cannot figure out what the value of rebooting the router might conceivably be."

+1. Add me to the list with the same comment.

- Patrick
======
 

Raz0rEdge

OK, I had to go to an actual technical site to get them to have information that remotely made sense. These generic sites are lacking the information to indicate the depth of the issue.

Ars Technica has a more detailed article about the issue. As I suspected, the issue primarily targets Linux-based routers from the bulk of the consumer brands out there. Apple AirPorts are not based on Linux and as such are "immune" to this issue. Additionally, as explained by the article, the reboot is NOT to wipe anything out, but rather to have the malware (which can only be removed by doing a firmware upgrade) go back to Stage 1 of its initialization sequence and when it tries to contact servers for Stage 2, the FBI is going to intercept it and start tracking the router/device.
 
OP
RadDave
Thanks Ashwin for the Ars Technica link above - the list below is from the article for those interested. Dave :)
[Attached image: Screen Shot 2018-05-31 at 11.47.14 AM.png]
 

Raz0rEdge

I'm still a little lost on the actual infection method. Having your computer get infected is one thing since you had to download a package and run the installer. You never actually log into your router to download anything (outside of firmware updates) directly on there, so how does this work? The only thing I can think of is that a router which broadcasts WiFi and had the default (or no) master password set, so someone would have to physically get access to the router's WiFi network to infect it. Once infected, can that router remotely infect others?
 
"I'm still a little lost on the actual infection method."

+1. Add me to your list Ashwin, and I'm also confused as to how it's going to be spread and put into use on any connected computer.

I feel quite safe considering how normal "File Sharing" doesn't always work as expected. :D

- Patrick
======
 
