Article on how easy it is to hack routers, uses RT-AC66u as examples etc

In the article is a link to
http://securityevaluators.com//content/case-studies/routers/soho_router_hacks.jsp

which lists the 13 routers, and the Asus AC66U is not among those listed as tested.

http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/ (it was posted April 17, 2013). Thought I would share, since it seems to have multiple pictures of Asus routers.

It doesn't seem to pinpoint what causes the vulnerabilities, but I assume Merlin's build suffers from it as well since it is close to stock?
 
They show a big large Asus router, they show screenshots of an Asus router, they mention "routers like this one", and in small print they specify that "this actual router was NOT tested".

Totally unprofessional, if you ask me. Almost makes you wonder if there weren't any ulterior motives behind the article...
 
I am not an Asus fanboy but I agree it was unprofessional. However, keep in mind that models for 5 routers that were tested are not released yet.
 
That's true.

Tim posted a very interesting article a few months ago (http://www.smallnetbuilder.com/lanw...3-does-alternative-firmware-break-your-router) about the results of an exhaustive test suite that he ran against various firmwares running on an RT-N66U. Such suites should be a mandatory part of every router development IMHO, as they can quickly expose flaws.

Part of the problem is that these routers are most of the time inexpensive devices aimed at home users. That means they can't afford to spend too much time and money on development and validation (or else they won't be able to sell them at the current price points anymore), or they have to balance ease of use with security. I suspect that if those home routers were made to be as secure as an enterprise device, they would quite often be too complex to even set up by a home user.

There's a reason why a Sonicwall device costs 5x more than an Asus or a Belkin device, and they don't target home users either.
 
Hey Merlin,

How long do you think it will take for ASUS to roll out an update to prevent this issue?
 
What issue? No issues were disclosed for any of Asus routers. Not that they are guaranteed not to have any but there was nothing disclosed in this article.
 
Common Sense Precautions

Based on the article which did not specifically mention ASUS:

1. Change the user name and use a strong password on your router.

2. Unless you have the requirement, don't enable router administration over the WAN.

3. Log off your router when not actively administering it or looking at the data, as if you leave it open on a tabbed browser it is somewhat more likely that it could be hacked.

4. Finally, disable the WiFi radios at times when you are not using them (nights and days when at work).

5. Be careful around your home or office about leaving unused Ethernet ports hot if they are somewhere that someone could easily access them.
 
I might be very dense here, but in the UI for the AC66U there is a way of turning the radios on at a time, sort of a cron job. Is there a way in the UI to turn the radios off, say at 4:00 am, then turn them back on at 6:00 am or something every day?
 
Radio Control

In the wireless setup under professional settings (Merlin V26) you have on and off settings for both the 2.4 GHz and the 5 GHz radios.
 
Yeah, I can turn them off, but I have to do that manually. Then I can set it up to turn on automatically the next day.

Would have been nice to have UI to turn it off automatically too.
 
There is. Check right under that radio enable/disable option:

Code:
Enable wireless scheduler
 
I am feeling super stupid here, but all I see is "Date to Enable radio". Where is the "Date or time to Disable radio"?
 
If you enable the scheduler and tell it to enable the radio from 9am until 10pm, then the radio will obviously be turned off from 10pm until 9am next morning :)
 
> What issue? No issues were disclosed for any of Asus routers. Not that they are guaranteed not to have any but there was nothing disclosed in this article.

a) There are routers that are TBA in the list, they seem to be adding one by one.
b) The picture of the N66 was on the front page.
All the routers seem to be "top of the line".
c) Would you really tell everyone the weakness of some router without getting a patch first? I wouldn't be surprised if the guys of the research page did contact ASUS first (or the other manufacturers) before releasing the name of the affected routers.
 
> If you enable the scheduler and tell it to enable the radio from 9am until 10pm, then the radio will obviously be turned off from 10pm until 9am next morning :)

I just noticed that it's a time range. So sorry, you're right.

I was just being dense.

Thanks
 