[Ars] Kremlin-backed hackers are infecting Ubiquiti EdgeRouters


Dan Goodin

The FBI and partners from 10 other countries are urging owners of Ubiquiti EdgeRouters to check their gear for signs they’ve been hacked and are being used to conceal ongoing malicious operations by Russian state hackers.

The Ubiquiti EdgeRouters make an ideal hideout for hackers. The inexpensive gear, used in homes and small offices, runs a version of Linux that can host malware that surreptitiously runs behind the scenes. The hackers then use the routers to conduct their malicious activities. Rather than using infrastructure and IP addresses that are known to be hostile, the connections come from benign-appearing devices hosted by addresses with trustworthy reputations, allowing them to receive a green light from security defenses.

Continue reading on Ars Technica
 
With the ever-expanding power of the internet, consumer-grade hardware has been quite a concern to me for some time already. The companies in this arena heavily rely on sales volume rather than price point, so the speed to market is increasing fast, which leaves only limited time for firmware maturing and vulnerability verification and improvement. Same reason why I don't want network devices with cloud-based interfaces. Too many points of entry...
 
For this very reason I swapped out my EdgeRouter Lite 3 for a TP-Link ER605 v2.... but I would like to flash OpenWRT to the ERL 3 and try to use it...

I have already flashed OpenWRT to the router, but have not been able to get any connection to the Internet through it
 
The "security hole" that was being exploited here was very simple: routers whose admin passwords hadn't been changed from the factory default. Ubiquiti deserve some blame for not forcing users to change that (which I think they fixed in more recent firmware builds) but really this is mostly on the users. Switching away from EdgeRouters because of this report is pretty misguided.
 
The Ubiquiti EdgeRouters make an ideal hideout for hackers. The inexpensive gear, used in homes and small offices, runs a version of Linux that can host malware that surreptitiously runs behind the scenes. The hackers then use the routers to conduct their malicious activities.

The challenge with some of this older IT gear is that they're not well supported by the vendors...

The most recent issue with EdgeRouters mirrors what happens with MikroTik.
 
Switching away from EdgeRouters because of this report is pretty misguided.
Agreed. Ubiquiti does not have a particularly bad track record, so I would just make sure that whatever security hole is being exploited is fixed on my own end. Manufacturers all have their security issues over time, what matters is how frequent they are, and how they handle them. OpenWRT for instance was affected alongside everyone else that used dnsmasq and offered DNSSEC support, just to name one recent security incident.
 
They had logger scripts to catch logons. Which I believe is fixed with software. But you need to wipe and replace software, firmware, whatever they call it. Just an upgrade will not do it. You need to reset with new firmware and then change the admin login from default. This is what I have read. I don't own any edge router stuff.
 
Stones and Glass Houses...
I think you completely missed my point, which was that no matter what router platform you choose, none of them are immune to security issues. Abandoning Ubiquiti after just one specific incident isn't going to land you with a perfect alternative. I mentioned OpenWRT only because it was his chosen alternative to RouterOS.
 
