ASUS RT-AC87U serial console is wide open!

My home network is also vulnerable to someone disconnecting my router, and replacing it with one of their own.

mecasull said:

My home network is also vulnerable to someone disconnecting my router, and replacing it with one of their own.

Click to expand...

Yes-s-s! I really do not understand why the vendors neglect this huge vulnerability!

netware5 said:

Yes-s-s! I really do not understand why the vendors neglect this huge vulnerability!

Click to expand...

Get a smart switch!

W4RH34D said:

Well I mean, common sense - randomly flipping these features on willy nilly is signing up for a bad time.

Bugs on the other hand, that's when I'm all ears because it's something that is "not supposed" to happen. Now that can end up being something cool, or downright catastrophic.

Click to expand...

Actually, flipping the bits, reduced our support calls - most folks that saw the pads and tried it gave up.

If we knew they were a developer, they knew that the pins were flipped, and they had the correct cables/fixtures to do what they needed to do.

yeah, we also signed the bootloader as well - does that make me evil?

sfx2000 said:

Actually, flipping the bits, reduced our support calls - most folks that saw the pads and tried it gave up.

If we knew they were a developer, they knew that the pins were flipped, and they had the correct cables/fixtures to do what they needed to do.

yeah, we also signed the bootloader as well - does that make me evil?

Click to expand...

Well I mean turning on services that a person knows nothing about could prove to be problematic.

sfx2000 said:

Actually, flipping the bits, reduced our support calls - most folks that saw the pads and tried it gave up.

If we knew they were a developer, they knew that the pins were flipped, and they had the correct cables/fixtures to do what they needed to do.

yeah, we also signed the bootloader as well - does that make me evil?

Click to expand...

To make things even more fun for casual spectators - we booted into L4, and then kicked a signed NetBSD environment - we had upstream firmware that wasn't GPL, hence no linux - and L4 let us work our stuff, along with third parties in a separate and secure environment. Our developers and QA teams, along with Field Engineers all had the right codes/tools, and we shared what we needed for Customer QA teams and third party developers.

Going into 2015 and the FCC restrictions on firmware, one might see a similar approach - it's about establishing privileges on what code can and cannot be changed - done right, and it can be a good thing for all.

embedded firmware is fun

sfx

in other words - security is baked in the design... not added on.

Most SOHO routers - it's not a concern for them, it's mostly an end-user problem...

sfx2000 said:

in other words - security is baked in the design... not added on.

Most SOHO routers - it's not a concern for them, it's mostly an end-user problem...

Click to expand...

I always day dreamed about a router that when it reboots has to reinstall itself off a cdrom. So like, you'd bake up the current settings for the router, all hard coded, burn it to disk, and it runs off that until you make a change. Read only all the way to the physical location of the data.