The New Cold War warms up a bit...with your router

Couperin47

Today we get far more details about the VPNFilter malware and it's way more serious:

https://arstechnica.com/information-technology/2018/06/vpnfilter-malware-infecting-50000-devices-is-worse-than-we-thought/
My main takeaways, to be instantly corrected by some here who have more knowledge, if I make any main blunders:

1. This is not the work of script kiddies or even major Russian mafia, this is highly sophisticated state sponsored low level outright warfare and Putin ain't gonna stop til there is serious pushback.

2. It's a vector against hardware that has always been a security joke. As I mentioned in another post, most consumer routers use chipsets from just 2 sources; none of the brands you know/purchase are made by companies with the technical knowledge to really design this equipment. They tinker at the edges with the hardware and software provided in the prototype designs from the chipset designers. This means attacks are usually applicable to most brands/models.

3. We still have no way of ascertaining if you have been infected at Level 1 and the subsequent infections are now known to be able to cover their tracks almost perfectly.

4. It will take most of a year til new routers, using new chipsets that make at least a decent attempt to avoid such hacking, appear, so running out and buying something new, unless it's considerably more elaborate/expensive than the average consumer device, is probably pointless atm.
 

SumnerH

My main takeaways, to be instantly corrected by some here who have more knowledge, if I make any main blunders:

1…2…3…4…
5. Run DD-WRT/OpenWRT/Tomato or similar; never use a stock vendor-created firmware if you can help it. The open-source stuff isn't perfect, but at least it represents pooled resources shared across many hardware platforms and with the broader OS community, rather than one vendor's overtaxed engineering department that's underincentivized to worry about security.
 

Couperin47

Tips if you want to try and take advantage of the Open Source option:

Really low-end routers often don't have enough memory to install DD-WRT/OpenWRT or Tomato; in some cases cut-down versions have been crafted. Google your exact model and version (several major brands, Netgear and D-Link especially, will have 4, 6 or 8 'versions' of the same model number, and in these cases the entire design, even the brand of chipset, may have changed; NONE are 'compatible', you need the exact MODEL and VERSION) together with any of the 3 options above to see if there's a version of open source for your exact router. If there is, read up on installing and using it before you install; all 3 are much more elaborate than the already confusing firmware from the maker. It's VERY techie, unfortunately.