Ask Slashdot: Can Commercial Hardware Routers Be Trusted?
First time accepted submitter monkaru writes "Given reports that various vendors and encryption algorithms have been compromised, is it still possible to trust any commercial hardware routers or is 'roll your own' the only reasonable path going forward?" What do you do nowadays, if anything, to maintain your online privacy upstream of your own computer?
'nuff said.
Trust No One!
You still have to rely on the trustworthiness of the NICs. Anything connected to the Internet cannot be trusted.
Sig: I stole this sig.
The answer depends on what you mean. As far as I'm concerned, a hardware router can probably be trusted to be a basic firewall/router. It's pretty unlikely that anyone will come up with a useful attack on a device that's just doing port blocking, NAT, and basic routing. At worst, somebody might DOS it or turn it into a well-connected zombie to aid in DDOSing somebody's server, but neither of those is compromising your data.
Now if you're passing unencrypted data across that router, you might have a problem, but then again, passing unencrypted data across any router outside your own intranet is a bad idea, so nothing new there. And if you're expecting the commercial router to provide a VPN, then the answer to whether it is trustworthy becomes "no", because its crypto implementation cannot readily be audited and verified to be trustworthy.
Check out my sci-fi/humor trilogy at PatriotsBooks.
If any of the above is compromised, you are no better off than with a hardware based router.
If you by hardware router mean a device that truly forwards packets in hardware without involving any sort of CPU, then your best guarantee is the economical one. It is cheaper for the vendor to manufacture hardware without snooping capabilities than with.
Do you care about the security of your wireless mouse?
Commercial. You keep using that word. Remember that "commercial" can sometimes also be a guarantee that you do not get fucked: screw with your customers and that kind of company will soon be out of business.
I'm definitely in the "no" camp on this one, but how about after-market, open-source firmware? I run DD-WRT on my good ol' WRT54G, which I trust a heck of a lot more than the OEM code. How far does replacing the stock firmware go towards securing my home network?
You shouldn't have to trust your upstream routers. Instead you should assume they're compromised and use end-to-end encryption. HTTPS and SSH, for example, specifically protect against active attackers such as malicious routers.
Don't connect
I have switched my entire network to a massive 20 parallel lines using RFC 1149. All packets are compared. Compromised packets are noticed and filtered immediately. Through special in-built markers, exchanging lines out or manipulating them is not possible. All packets are constantly tracked. Bit pricey but worth the money.
100% NSA proof.
Would you trust that they did their homework?
http://www.routerpwn.com/
I wouldn't.
Our team of scientists and Linux networking experts has an open, next generation router project up on IndieGogo right now, but we aren't getting much traction. I guess we missed product-market fit. To the point that we have modified the campaign to ask people not to buy the router or if they do - risk us not shipping some of the more advanced features that we are working on in this product. We had hoped to release it all as open source but I just don't think that's going to be possible now, unless we somehow magically start getting a ton of orders.
I encrypt everything end-to-end using a Caesar-13 algorithm. The NSA had nothing to do with the development of that cipher, unlike DES, AES, SHA hashes, etc.
If you want to roll your own, there's a great OpenBSD router tutorial. If you're not comfortable with commandline configuration, pfSense is a really great option for old PCs with a few NICs.
This is a big (and, I personally fear, unfixable) problem for the IETF and associated Internet bodies. Of course, router security is only a tiny piece of it. Given that RSA has been revealed as taking money from the NSA to weaken security protocols, who knows how deep the rot goes.
One big fight right now is over the removal of the NSA-employed Chair of the Crypto Forum Research Group. There will be more.
For ensuring the safety of your outgoing traffic, it doesn't matter at all whether you can trust your router or not. It's just one step away from a router at your ISP, which you can't trust, and which can be assumed to be malicious.
It's a bit different for ensuring the safety of your internal network, though. If you think there might be any reason why the NSA, government or whoever might want to reach inside your personal network, then you certainly should avoid any closed solutions and keep it under as much control as possible. That router might well hiddenly allow people that know how to access your network without permission.
Router manufacturers also have been caught rewriting pages to insert ads. Here is one example of such a thing.
One solution is to simply not communicate outside of a domain you trust. Go offline. In the extreme, use pen and paper to store information you don't want others to see, and if you need to share that information with others, memorize it and tell it to them in person. As a compromise, use a trusted courier. But even that requires trusting someone.
Basically, adopt the same "off the communications grid" techniques that Osama bin Laden was thought to use.
As I said, you give up a lot, and for 99+% of us, that's not going to be the best option out there. But for a few, it is.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Bush? Clinton? Bush? Reagan? Carter? Ford? Nixon?
Maybe Lincoln or Hoover?
Hell if you really want to blame anyone, how about George Washington and his leading of thousands of men strong against a few hundred rioting moonshiners out West (Who by the way had already dispersed before they ever got there)?
There's a lot of blame to go around, so stop trying to pin it on a specific president just because you don't like his policies.
If you really want to place blame, place it on we the people for not holding our elected officials responsible before, or even, now.
So what exactly do you have to hide?
Just kidding (more or less) but really, what difference does it make. If NSA (or any other powers that be) wants to "get you", does it matter if they have "real data" they sniffed from one of your digital systems or not? If they truly want to arrest/harass/make you disappear whether they have real data or fudged data is rather moot.
So why worry? Either you're below their radar, and they can collect or not your precious data, or you're a target, in which case no matter what you do/hide/avoid won't help you in the long run.
Privacy went out the door along with all those AOL CDs - what's amazing is that people are just starting to notice (or care).
I bet that's more interesting with a 23-letter alphabet than the ROT-13 algorithm I sometimes use in my 26-letter alphabet.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
True, for some business models the user is the product. The advertiser is the paying customer. Broadcast TV and radio are examples.
You forgot how to multiply when you made this statement, though:
> Because their beneficial sweetheart tax deals could bring in
> as much as the profit from selling consumer electronics.
Assume a 100% tax break, the company pays 0% taxes.
That's zero percent of their profit. Profit = sales - expenses.
If they have no sales, they make no money, and paying 0% tax doesn't help them. Sales is always more important.
Let's compare two sales figures, both with a 10% tax reduction. If the company does $10 million in sales, that 10% tax cut is worth $1 million. If the company does $100 in sales, a 10% tax reduction is worth $10 million. So we see that to maximize the value of tax breaks, a company needs to have more happy customers, generating more profit subject to the tax break.
If you're worried about a router and if you can trust it, you've already done it wrong.
Your data should have been encrypted before it left the original application if it's something you care about.
It shouldn't MATTER if you can trust the router, if it does, you've already failed.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Start by evaluating what you have and whom you wish to keep it away from. If you have classified data that a national security apparatus wants, do what a poster up-thread suggested and keep it offline (also, stay the hell away from me). If your data is less sensitive, then evaluate your security posture using a multi-tiered approach. Assume all routers can be compromised and treat them as the first line of defense. Evaluate where your data sits (cloud based versus local) and how it is transferred (encrypted versus non). Evaluate your own work flows in determining how the data is potentially vulnerable.
You can build your own fortress unto yourself if you want to, but at the end of the day even if you're sharing with other fortress entities you will still end up having to send data across untrusted lines. Some of those lines are run by people who don't have your privacy interests at heart. So knowledge and common sense are still your best defenses.
I have no answer. I wanted to comment that this is the most pertinent "Ask Slashdot" that I've seen in the last five years. I would guess any router whose firmware was open-sourced.
If you are doing things that affect large powerful organizations in a potentially negative way, you already know you are a target. Deal with it with hardened software, but don't forget that most secret information is lifted with social engineering (inside jobs of dozens of types.) Someone gives the combo to the safe away!
If you are not stepping on government, NSA or mega-corp toes, standard encryption techniques are probably just fine, but that is just one of the lines of defense.
Actually, the obvious answer is that you don't have a choice.
There is always subsistence farming.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
Come on, you sheeple- how many explicit revelations about how the monsters rule over you do you have to read before you get it? You are less than s**t in the eyes of those types of Humans that seek to rise to the top of any business enterprise. In Soviet nations back in the day they had a phrase- "SCUM RISES TO THE TOP".
Amoral and immoral psychologies are universal amongst corporate controllers. "Never give a sucker an even break" is their motto. Then, worse, these worthless individuals hob-nob with people of the same 'class'- powerful religious, government, media, military, 'charity' leaders and the like. They call themselves 'the elite' and define themselves essentially as NOT YOU.
People like Tony Blair have spent the last two decades+ getting 'the elite' to sing from the same page in the same hymn book. A large chunk of Blair's project is the rolling, expanding programs of "TOTAL SURVEILLANCE". Blair instructs his disciples that the better you monitor the sheeple, the better you control them, and the greater chance you will keep their passive support that actually empowers the elite.
All major commercial software is compromised. All major computer hardware, where possible and useful, is compromised. Intel's x86 CPUs have had hardware back-doors for years now (activated by encrypted keys). Intel's hardware 'random' number generators have been designed by the NSA, and can be controlled at will by the chip's hardware back-doors, where given sequences of op-codes allow the behaviour of the generator to be altered.
All network equipment is fully back-doored and compromised in multiple ways. Many of these NSA methods are so horrible, from an engineering POV, that the normal functionality of the equipment is horribly degraded even when no intelligence agency hacking is involved.
The biggest open-source projects are also fully compromised. The NSA uses teams of psychologists to exploit the 'autistic' nature of many developers, so that flaming and aggressive behaviour in developers' forums can act as cover for slipping into builds modules of NSA designed code.
But open-source is ONLY vulnerable if the project is so unwieldy, testing the validity of key modules becomes impractical. Small, tight focused code projects like Truecrypt can never be viable targets, so the NSA focuses on psychological propaganda scaring users away from such options, or the simple distribution of NSA hacked binaries from sites under the control of NSA allies (if your favourite tech site "supports the troops", it most certainly supports the NSA and will willingly supply NSA-hacked versions of your favourite utilities).
The US intelligence agencies have a budget running into HUNDREDS of BILLIONS of dollars every year, and rising. Only the tiniest fraction of this spending is given any public coverage. In reality, the NSA has far more money than it knows what to do with, and all 'blue sky' ideas to improve full surveillance programs against every single citizen are given real consideration. NSA data centres are hundreds of times larger than you imagine, and are well beyond the capacity required to store FOREVER every single available electronic communication.
The NSA has a desperate need for new, comprehensive data sources- hence Bill Gates' inBloom and Kinect 2 projects. Gates promises to provide, within a decade, everything you can possibly learn about every child, across their entire childhood, in the USA. With the Xbox One, Gates promises to groom the entire population of the USA to accept government cameras and microphones in their own homes.
Of course you MUST accept cameras in your house. You MIGHT be raping your daughter. You MIGHT be beating your wife. You MIGHT be saying the "N-word". You MIGHT be planning resistance against Obama and Gates. You MIGHT be a 'moosleem' terrorist. What right do you have to hide from US justice, you depraved anti-American criminal terrorist scumbag? Don't you read what the owners of Slashdot have their vile shills rant here over and over, with a score of 5?
It doesn't matter. Either there's an airgap, where nothing can get out regardless, so it doesn't matter, or there's a hop along the path you don't control so the security of your device doesn't matter.
If you have an Intel processor, then there is already a radio backdoor built in. See http://www.intel.com/content/www/us/en/enterprise-security/what-is-vpro-technology-video.html
Where I am the telco that is a bottleneck to the rest of the world has admitted letting the NSA watch everything available. If you are in such a situation if your router is phoning home that's just redundancy.
All the crypto software I've looked into depends on big internal arrays of special numbers to do its work. If those numbers are compromised (which is what NSA contracted RSA to do, basically), then the whole end-to-end crypto channel is compromised.
And that's the problem. You can build an open-source hardware router with open-source software, to keep the possibility of hardware backdoors to a minimum, but if the basic crypto algorithm you use has been compromised from the get-go, none of it matters. I think that's going to be the next really difficult intellectual load to lift: vetting ALL of the current crypto algorithms in use today to make sure the algorithms don't have built-in compromises. Since that vetting has to be done by crypto experts, not just software engineers, that pushes the trust back up one step: which crypto experts do you trust?
Modern laptops and desktops come with remote administration tools built into the chips on the board. (The vendors tout this as a feature, simplifying administration of a large company's workstations. It's easier and cheaper to build it into everything than to be selective, so it's in the machines sold to individuals, too.)
One example: Intel Active Management Technology (AMT) and its standard Intelligent Platform Management Interface (IPMI), the latter standardized in 1998 and supported by "over 200 hardware vendors". This is built into the northbridge (or, in early models, the Ethernet) chip.
Just TRY to get a "modern laptop" (or desktop), using an Intel chipset, without this feature. (I suspect the old Thinkpad is how far back they had to go to avoid it.)
You can't disable it: Dumping the credentials or reverting to factory settings just makes it think it hasn't been configured yet and accept the first connection (ethernet or WiFi, whether powered up or down) claiming to be the new owner's sysadmins.
If the NSA doesn't know how to use this to spy on, or take over, a target computer, they aren't doing their jobs.
Some of the things this can do (from the Wikipedia articles - see them for the footnotes):
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
If you wish to skirt the NSA, get your router from Huawei, and let the Chinese spy on you instead. If you don't want the Chinese to spy, get something from the usual NSA contributors. Or see if there's anything made in Russia or any country that's totally independent of the US.
How easy is it to get a standard router from Cisco or Juniper, and replace IOS or JunOS w/ something like pfSense, m0n0wall or OpenWRT?
While at it, switch to IPv6, and within a group of people, share a /64 subnet so that even if the NSA spies, they'll find it impossible to source the original source/destination, particularly if dynamic IPs are used.
The only way to obtain 100% safety from being hacked by a government agency, as well as anyone else, is to place an air gap between your system(s) and the public Internet. Think of it like trying to protect your house from burglars breaking in: The best you can do is slow them down. Given enough time, skill, and resources, any burglar can defeat any security arrangement in any house. Same goes for your computers. Therefore there is an implied level of risk involved if you wish to continue using the internet, and if you cannot accept that risk, even after taking reasonable precautions against your system(s) being compromised by whoever might wish to, then you must re-evaluate whether or not it's worth it to you to continue using the internet at all. Now, some people are going to flame me for saying this, because they're convinced that life cannot continue without internet access, but that's simply not true, just ask anyone who was an adult about 25 years ago how they managed to get along without the World Wide Web (hint: they got along just fine without it).
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
I do not trust commercial routers, not because of NSA-weakened crypto, but because of plain old security holes like unclosed developer backdoors or web administrative interfaces full of CSRF vulnerabilities.
I use a Soekris box with a PCI DSL board, and I run NetBSD on it.
The question is can you trust the algorithms/OS used in the routers. If you build your own router/firewall, will you be sure there is no backdoor built into the code?
There are any number of Open Source router projects to replace proprietary router software with a Linux or BSD system on your own router hardware. OpenWRT and others. For home or small business it may well be a fair idea if you are upset by the RSA fiasco or don't trust vendors. Of course it's more work, and not for those scared of such projects. I know little about them except some projects seem to have been around a decade or more.
then change the list of people who are building it into a list of people who will back door it for you. Simple as that. Not everyone can be bought for a price, but there are enough people who can be bought for a price to buy it for a price.
There is no privacy on the Internet. Never has been.
I installed above on a router a few months ago - never looked back. Not that I sought it out, but my local thrift store has TONS of WRT whatever purple and green routers that run DDWRT no questions, and my crappy Cisco router was crappy. No signal outside the house, constant reboots required, UPnP that was subpar. The new router is good because I could look at the firmware source if I wanted to, but I can trust the community too. With the net gear BS I couldn't look at either.
Timothy, Timothy, Timothy. When will you ever learn? "Ask Slashdot" posts belong in the "Ask Slashdot" section so that those of us who choose to filter out those stories can do so. It doesn't work though if you keep posting "Ask Slashdot" stories in other sections.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
According to Fox Mulder from The X-Files. ;)
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Tighten your tinfoil hats.
They took every precaution to prevent the world from learning about this sort of thing. If they'd had their way, nobody would know or suspect and everything would be fine.
If you want to blame anyone for having all this come out, blame that tattletale contractor guy with the big usb sticks.
end-to-end encryption with a key pair. Doesn't matter what the carrier looks like at this point. It could be a fucking pigeon.
That is all.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
You mean those usually beta/alpha firmwares that often can barely run without incurring problems, and that don't get security updates for well over 6-12 months on certain platforms because... well, they're beta?
That is by far the most interesting bit of information I've read in a long time. Awesome sir.
Go offline.
If you do that they win!
Internet is a threat to them. Internet is the one thing that can expose their evil deeds.
If there was no Internet, Edward Snowden's revelation will never get known to many of us.
The obvious answer is FPGA routers, made with fully open-sourced VHDL files.
Muchas Gracias, Señor Edward Snowden!
The front door on my house works great for me. A bank wouldn't want to use it to protect their vault.
My router does fine for me. I'd like my politicians, and boss, and many other people whose decisions & actions affect me to be better protected than I am, but I can't build a custom router for them.
If you can roll your own machine from scratch that is fine.
If however you hire some specialist to make the machine, and he uses off-the-shelf components then you have added 2 modes of attack.
example: Snowden was hired by the NSA to increase the internal security of the NSA.
If it's not fear of NSA snooping, it's the occasional revelation that an enterprise class router has a simple root level access username and password hard coded into it, or it's a near perfect knock-off from China with who knows what going on. The question is: were we ever able to trust commercial routers? The answer is no.
Brought to you by Carl's Junior.
Going off slightly onto a diagonal tangent, but relevant due to Christmas shopping and the annual agony of trying to pick a new router before giving up in disgust... is there actually such a thing as a high-end router that DOESN'T seem to have page after page of 4- and 5-star reviews, sprinkled with 5-10% of 1-star reviews, and a pattern something like...
***** Awesome! Kicks ass! The greatest router I've ever had! Problem free, works flawlessly, and perfect in every way. {technical details}.
* Total garbage. Pure shit. 5GHz connections dropped after a day, and the router had to be rebooted to fix it.
***** (another overwhelmingly-positive review)
* Worked like a champ for {3-9 months}, then crapped out and left me in misery until I finally gave up and bought a new one.
***** (another positive review claiming it's a gift from ${deity})
* Junk. 2.5GHz works for 3 hours, then the router forgets how to route traffic between wireless and wired. 5GHz doesn't work reliably with Apple devices, and works reliably with Android devices only if you remove the network, reboot the phone, then add it as a new network.
* Terrible range and speed. I connected to this AP with my laptop from 5 feet away, and got barely 1mbps on an unused 5GHz channel. I disconnected it, reconnected my old $49 access point, and benchmarked 36mbps. WTF?!?
... and so on. Case in point: just about every dual-band 3-antenna router from ASUS, Netgear, Linksys, and Buffalo router that costs more than $150.
As far as I can tell, it basically comes down to:
* None of them have adequate heat-removal, especially if they're in a closet or cabinet of any kind. The electrolytic capacitor plague continues unabated 15 years later.
* Poor antenna impedance-matching, so RF gets reflected back into the radio module and progressively damages it.
* RF modules have real limits that nobody ever talks about, and certain permutations of features that just can't work, but because nobody from the manufacturer will ever come out and identify what those precise constraints are, end users are left to randomly flail about and wonder why certain things just don't work.
* Crap component quality pushed to the absolute limit of its design capabilities, then pushed 5% further, and guaranteed to fail eventually.
* Zero quality control besides "could we power it up enough to flash it"?
No one is going to break into an air gap computer in a Faraday cage.
Really?
Let me Google that for you.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
http://scherbius2014.de/EDVstattIT.html
http://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf
Yes, seriously - I am rolling on the floor laughing at this!
What makes you think the silicon isn't backdoored? http://www.theregister.co.uk/2012/05/29/silicon_backdoor/
Are you sure? I assume that, given the case that a gun is involved, the probability that one of the concerned persons will not survive is much greater than 0.01% and so no information transfer will take place.
Which requires a trusted third party toolchain to generate the various bits of magic needed by the FPGA. And you have to trust your FPGA manufacturer didn't embed a small SoC that has hooks into the dedicated ethernet MACs embedded in there.
With homebrew, at least you can make sure it's as up-to-date as possible. Some of the ISP gear is *OLD* and there's no guarantee that your ISP is pushing out any sort of regular security updates (or that they're even provided by the manufacturer).
See http://qubes-os.org/trac/wiki/QubesArchitecture
Computers can be operated such that all networking components starting at the NIC and ending at the (entire) remote system are untrusted. In an OS like Qubes, the NIC and IP stack are operated in their own untrusted VM running from a read-only template.
It works great!
Then, of course, there are the tools you can use to enhance privacy and trust: Tor and I2P use onion routing and use addresses that are verified with crypto. Where I2P improves over Tor is in the former's abilities as a general purpose transport, and its P2P spin (lack of centralization) on onion routing.
When the privacy tools are not application-specific, there is better potential for consistent utilization and for thwarting attacks.