1. 17

  2. 7

    More evidence of the importance of moving to entirely encrypted traffic, thereby defeating the traffic stealing elements of this type of exploit, as well as moving to application-layer authentication (instead of network-layer authentication), which means even in a privileged position like your router, you can’d do any additional damage.

    1. 2

      I guess I should be thankful that my circuit breaker just cuts off electricity when there is too much load so it is like a forced reboot at least once a month.

      The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.

      I would like to learn more about this. I am pretty sure Verizon has a backdoor to my WiFi router FiOS-G1100. Does anyone else have this router? What do you see when you go to http://myfiosgateway.com/#/monitoring ? I see

      UI Version: v1.0.294 Firmware Version Model Name: FiOS-G1100 Hardware Version: 1.03

      1. 2

        Access to your router is likely not publicly routed. I can’t access that web page (connection failed).

        1. 1

          Ah, I should have mentioned you need to be at home behind your FiOS F1100 router, log in and click on system monitoring on the top right corner.

          Here’s the router/modem in question: https://www.verizon.com/home/accessories/fios-quantum-gateway/

        2. 1

          Why do you think Verizon has a backdoor?

          1. 2

            They along with other ISP’s took tens to hundreds of millions to backdoor their networks for NSA. That was in leaks. You should assume they might backdoor anything else.

            1. 1

              Got a link to the specific leaks?

              1. 1

                Forbes article.

            2. 2

              Once man’s backdoor is another man’s mass provisioning service.

              1. 1

                Maybe I used an incorrect technical word. I meant to say I think they can remotely access and configure the modem / router.

                1. 1

                  ISP’s backdooring home routers isn’t unknown, where here I use ‘backdooring’ to mean “ISP can log in and make changes even though most home users don’t know they can do this”. Some use it to push out router firmware updates (for their preferred models).