Slashdot Mirror


VPNFilter Can Also Infect ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE Devices (bleepingcomputer.com)

Catalin Cimpanu, writing for BleepingComputer: The VPNFilter malware that infected over 500,000 routers and NAS devices across 54 countries during the past few months is much worse than previously thought. According to new research technical details published today by the Cisco Talos security team, the malware -- which was initially thought to be able to infect devices from Linksys, MikroTik, Netgear, TP-Link, and QNAP -- can also infect routers made by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. The list of devices vulnerable to VPNFilter has seen a sharp jump from Cisco's original report, going from 16 device models to 71 -- and possibly more.


  1. Good thing I use.... by Zurkeyon3733 · · Score: 1

    PFSense and Routerboard then huh? ;-P

    1. Re:Good thing I use.... by Aqualung812 · · Score: 1

      There is a whole slew of Routerboard products listed:

      RB411 (new)
      RB450 (new)
      RB750 (new)
      RB911 (new)
      RB921 (new)
      RB941 (new)
      RB951 (new)
      RB952 (new)
      RB960 (new)
      RB962 (new)
      RB1100 (new)
      RB1200 (new)
      RB2011 (new)
      RB3011 (new)
      RB Groove (new)
      RB Omnitik (new)

      That said, are you running pfSense ON the RB hardware? If so, do you have any docs on that? I'm interested.

      --
      Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
  2. Re:Curious lack of Synology... by olsmeister · · Score: 1

    They authored the malware. It's a dog-eat-dog world....

  3. Re:Curious lack of Synology... by Anonymous Coward · · Score: 2, Funny

    I have both a Synology router and NAS and find it curious this entire brand is omitted from getting infected. Thoughts on why this Chinese-made brand isn't affected?

    why hack something with backdoors ;~)

  4. Alt Firmware? by Anonymous Coward · · Score: 1

    Does anyone know if this enters through the stock firmware, or is it a lower level attack? What if we're running DD-WRT or Tomato on one of these routers?

    1. Re:Alt Firmware? by GrumpySteen · · Score: 5, Informative

      From a different article

      Since the research is still ongoing, Talos researchers "do not have definitive proof on how the threat actor is exploiting the affected devices," but they strongly believe that VPNFilter does not exploit any zero-day vulnerability to infect its victims.

      Instead, the malware targets devices still exposed to well-known, public vulnerabilities or have default credentials, making compromise relatively straightforward.

    2. Re:Alt Firmware? by Anonymous Coward · · Score: 1, Interesting

      It's a vuln in the http server. Mikrotik patched it a year ago.

  5. Wishlist ... by lastman71 · · Score: 2

    It would be nice to have modem adsl with openwrt ...

  6. Re:Curious lack of Synology... by ctilsie242 · · Score: 3, Informative

    I read because QNAP and the other mentioned models used BusyBox for their userland, and likely a vulnerable version. Synology uses discrete Linux binaries for its userland, so it wasn't vulnerable because of this.

    I would say that Busybox is a good product, but there have been some CVEs last year which required updates.

    Synology is a Taiwanese company, so I fear it less than a company on the mainland.

  7. the old "reference design" trick by swschrad · · Score: 1

    hardware is pretty much all the same, and apparently the core software is also a reference design, with the brand tricks all of the include.something variety.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
    1. Re:the old "reference design" trick by Solandri · · Score: 1

      The "core software" is Linux. Pretty much all routers (most standalone devices really) run Linux under the hood. There are a few oddball routers which use a RTOS like QNX or VxWorks (these are the ones you want to avoid if you're hoping to flash a third party firmware). But the vast majority run Linux because it's free. This malware probably wormed its way in via a universal Linux exploit which was patched in the production releases of Linux distros, but not in the much-slower-to-update router firmware releases.

    2. Re:the old "reference design" trick by nmo.marques · · Score: 1

      It won't stop until companies are held accountable for security.

  8. Re:Openbsd still fine by Anonymous Coward · · Score: 1

    Sure it is.... if you're an expert on programming and network security, you've personally audited all of the code and compiled all of the executables yourself with a compiler that you've somehow managed to ensure has not been compromised.

    Otherwise, it's a roll of the dice.

  9. Good Thing I have an Apple Router by TheFakeTimCook · · Score: 1, Informative

    I don't see it on the list, and I'm pretty sure that they write their own Firmware. Never heard of an exploit of an Apple Router. Ever.

    Apple, PLEASE come back to the Router Business!!!!

    And, while you're at it, please add AirPlay 2 support to the AirPort Express 2 Router/DAC!!!

    1. Re:Good Thing I have an Apple Router by 605dave · · Score: 1

      I assume you are joking, but there is some truth in there. If you knew how to use it the Airport made a great home router.

      --
      Be kind, for everyone you meet is fighting a difficult battle. - Plato
    2. Re:Good Thing I have an Apple Router by Gr8Apes · · Score: 2

      The Airport Extreme is hands down the most reliable consumer grade router out there. In fact, it's better than a handful of business class routers I have used. For years I refused to buy one because I thought "why, it's just a router and it's expensive!" Well, years of fighting with various routers configs, reboots, updates, custom firmware, etc, and noting that the routers I was buying had started going up in price, I finally caved and bought one. My main reason was a friend stated he'd not rebooted his in years and I had no issues at his house. Sure enough, plugged it in, and a host of network weirdness disappeared immediately. Reboots? I generally don't even think about it unless some notification comes out that actually makes me think about my router. I've had more trouble with my ISP in any given year than my router. I'm going to buy another one before stock runs out.

      --
      The cesspool just got a check and balance.
    3. Re:Good Thing I have an Apple Router by 605dave · · Score: 2

      Bingo. Everyone dismissed it while it simply worked incredibly well. They say it had a "simple" interface not knowing how configurable it was under the hood. I had custom port forwards, IP assignment, DMZ, everything you'd think you'd want on a home router. Then they EOL'd it.

      --
      Be kind, for everyone you meet is fighting a difficult battle. - Plato
    4. Re:Good Thing I have an Apple Router by TheFakeTimCook · · Score: 2

      I assume you are joking, but there is some truth in there. If you knew how to use it the Airport made a great home router.

      No. I was being dead serious.

      My Airport Extreme 5th Gen Router NEVER needs a Reboot, has most of the bells and whistles expected in a modern router (separate 2.4 and 5 G Networks, Guest Network, Flexible Port Forwarding, etc.) Plus, I can even securely config. the thing over WiFi from my iPad if I so choose.

      Plus it is hands-down the easiest Router I have ever had to set up in Bridge Mode. And it even supports some type of Mesh networking that I have never understood, since I don't have two of them.

      Yeah, now I wish I'd gotten one of the "ac" capable ones....

    5. Re:Good Thing I have an Apple Router by Gr8Apes · · Score: 1

      FYI - I do have to agree that the interface on the airport utility 6.x is too simple, for about 0.01% of the target audience. It's adequate for 99% of the things people would ever need to do. However, not having an admin interface that exposes the functionality that was available in the 5.6 utility such as signal strength, logs, etc is something I highly desired enough to install 5.6 alongside the new 6.x utility. I don't know if 5.6 works with the latest AEs though.

      --
      The cesspool just got a check and balance.
    6. Re:Good Thing I have an Apple Router by Gr8Apes · · Score: 1

      Yup, throwing on custom firmware and configs expecting things to not crash occasionally...

      Seems like what I expect out of my router - something that routes reliably. Apparently you consider reliability as a lesser requirement.

      or jumping into a router where you can't possibly ever do any of the functions you list?

      What functions did I list?

      Yeah, I know which one isn't going to crash (mostly because the user). Any $100+ router I've ever used never needed reboots, and those that are $100 only crash when heavily loaded (which I expect).

      Well, considering I've owned at least 3 that also purported to run DD-WRT reliably, which they did when the hardware didn't lock up.... At least I'm assuming the hardware because it was a consistent problem across multiple firmware releases across all three. And several of those routers were in the $150 range. And I don't expect my router to crash due to load unless I'm actually intentionally causing a DOS situation on the interface. Normal TCP based usage should not crash a router, ever.

      I've also never received a notification to reboot my router, so there's that.

      I was referring to notifications about issues regarding routers, as sent by various newsletters, RSS/Atom feeds, ISPs or even noted in websites about potential router issues.

      Enjoy being locked to the simple interface.

      I enjoy the simple interface because it suffices and I don't see it often. If I was in a situation where I constantly needed to reconfigure my router, I'd place a linux/bsd based firewall into the DMZ configuration and deal with all configuration there because I'd likely need more capabilities than any simple consumer based router provides. Right tool, right job. In fact, this is how I'm setup. You can continue to enjoy your unreliable and inherently less capable router, however.

      --
      The cesspool just got a check and balance.
    7. Re:Good Thing I have an Apple Router by TheFakeTimCook · · Score: 1

      Yup, throwing on custom firmware and configs expecting things to not crash occasionally...

      or jumping into a router where you can't possibly ever do any of the functions you list?

      Yeah, I know which one isn't going to crash (mostly because the user). Any $100+ router I've ever used never needed reboots, and those that are $100 only crash when heavily loaded (which I expect). I've also never received a notification to reboot my router, so there's that.

      Enjoy being locked to the simple interface.

      As usual, the Anonymous COWARD spouts off about how his mythical, $5 device (which, as usual, is NEVER named. Why not, eh? Don't we ALL deserve to know about this GREAT DEAL?) beats the pants off of the "Overpriced" Apple gear.

      Funny, that's how these Anonymous COWARD posts almost ALWAYS go.

      So transparent.

  10. Latest firmware =/= best firmware by RubberDogBone · · Score: 1

    My Asus router has to run an older firmware version because the LTE USB modem I use for internet doesn't work with the latest firmwares. And yes I run one of the third-party firmwares which incidentally just announced they were no longer going to update this router anyway. No matter what, this Asus is a dead end even though it works just great.

    My backup router is a Netgear which also happens to be on the hit list, yay, but it doesn't work with the LTE modem so it can't be a frontline device anyway.

    The LTE modem is a ZTE with an internal router so it may also be vulnerable. The fun never ends.

    All of this is sending me screaming out to Microcenter to find something that doesn't suck .... and whimpering back into the maw of Comcast so I can ditch the ZTE LTE modem. Dammit.

    --
    Sig for hire.
  11. Re: Says "bugs bunny" the imaginary person, lol! by Brockmire · · Score: 1

    I guess it's not either 1) or 2), but both.

  12. Asus -- Using AdvancedTomato FW?? by LVSlushdat · · Score: 1

    I have an Asus RT-N66U running Advanced Tomato.. Would it be affected with this issue???

    --
    THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)