Mr. Black malware

[jlake]

https://www.incapsula.com/blog/ddos-botnet-soho-router.html

https://www.yahoo.com/tech/how-40-000-home-routers-got-hijacked-and-how-to-118878523784.html

 

[wh7qq]

Leaving your router open to remote administration is an open invitation to hackers. Failing to change the default username and password is just plain stupid and lazy.

 

[MonkeyK]

Probly so. I have recently come to the opinion that routers should be built to not work until admin credentials are set up (probably via a direct connection)

 

[Chrysalis]

some isp's do these measures, they will either supply routers with non standard passwords set, or force a user to set a new password before it goes online.

so it is possible, but for whatever reason we dont see that on routers sold directly to consumers, and on custom firmwares like dd-wrt etc.

 

[System Error Message]

some routers have backdoors and vulnerabilities that even without remote administration they can still be hacked. Im never fond of using consumer routers as they are.

 

[Nullity]

Beyond the most basic of designs, everything is vulnerable.

I liked the internet more when it was more about exploration primarily as a curiosity with optional sinister undertones. Vulns are a serious business now with the internet being a literal life-line for so much.

 

[poisonbroke]

The number one thing to do to protect your router is to turn WPS off!!
Every new Xfinity router has WPS on by default.
I can crack your password in under 10 seconds with my little Aspire laptop running Linux and using a Reaver with Pixy attack.
There is no brute force required! Hiding your SSID wont help, changing the routers password wont help, WPA2/AES or TKIP doesn't matter....
It doesnt matter how long your password is.... I'll have it in 10 seconds!
TURN OFF WPS!!!!!!!