“How could I steal your company secrets for $100”: The dangers of buying used routers

A study by ESET researchers found that used corporate routers can be bought with confidential data still on them, such as usernames and passwords, which can be used to commit cybercrime.

The experts bought 18 used routers and found that full configuration data was still accessible on more than half of those that worked properly.

A router shares an internet connection among multiple devices by creating a network between computers (home or business), while the modem connects that network and the computers in it to the internet.

“Used routers, like any communication device, have configurations saved in flash memory, which is not erased when the equipment is rebooted,” Adolfo Fioranelli, a network and communications expert and the CEO and founder of Consultores IT, explains to Clarín.

“When purchasing used equipment that has not been properly treated to erase its configurations, the new owner has copies of those configurations from the previous one, including the security rules and passwords for the equipment, as well as the networks served, the IP paths and a lot of information that is extremely valuable to an attacker,” he adds.

The problem stems from poor management of corporate hardware disposal: “There are well-documented processes for dismantling hardware, but ESET has discovered over a period of extensive research and analysis that key routers in corporate networks are often not wiped before being removed from service and put up for sale,” the report said.

This leaves critical configuration data open to cybercriminals and potentially open to abuse.

The ESET study

More than half arrived with sensitive data. Photo: Pexel.

The cybersecurity company found that 56% of the devices contained data and configuration details that could be accessed to obtain sensitive information.

Of the devices purchased, one was dead on arrival and was removed from the tests, and two were mirrors of each other and were counted as one in the evaluation results. Of the remaining 16 devices, only five had been properly wiped and only two had been hardened, which made some data difficult to access.

For most of them, however, it was possible to access the complete configuration data: a true diamond in the rough for cyber attackers.

The right thing to do in such cases is for the system administrator to securely erase the configuration and restore the device to factory settings, so that sensitive information cannot be accessed.

The routers comprised four Cisco devices (ASA 5500), three from Fortinet (FortiGate series) and 11 from Juniper Networks (SRX Services Gateway series).

A verifiable problem: the tests in Argentina

The same problem, with devices purchased in Argentina. Photo: Shutterstock

Fioranelli has repeatedly done the same test with routers sold on e-commerce sites like Mercado Libre. “In my experience, 9 out of 10 come with the configurations of the previous owner, and in most cases they correspond to the most important multinational or local companies,” explains the expert.

“With a very low investment, an attacker could seriously compromise a large company because of that ‘oversight’ of not deleting the information from the equipment before its definitive disposal,” he adds.

“An attacker could have extremely valuable and confidential information; for example, they may know the company’s WiFi network access rules and configure equipment for unauthorized access, or set up ‘rogue’ equipment,” that is, equipment that connects to the network without authorization and outside the network’s security policies.

This can lead a third party to connect to that equipment as if it were the company’s official one, “sending all their communications through the attacker’s ghost computer,” he explains.

The practice is curious because “most companies have a procedure for decommissioning the hard drives of notebooks, desktop computers and even servers before their final disposal, to avoid leaking the data that is on a hard drive, but few have one for their communication equipment. It would be great if they added it, to ensure that such valuable information from the network does not fall into the wrong hands,” explains Fioranelli.

What specific dangers exist and how to avoid this problem

Clear everything before reselling. Photo: Shutterstock

Javier Rincón, Avast’s manager for Argentina, explained to Clarín that when an attacker gains access to a router’s information, they can:

  • Saturate the bandwidth
  • Spy on the internet traffic of connected devices
  • Access illegal content using the internet connection
  • Gather personal or sensitive data
  • Install malware (viruses)
  • Create a map of the WiFi network and plan attacks on all devices on the network
  • Attack other people or organizations
  • Hold files hostage via ransomware
  • Use the hardware for botnets or even to mine cryptocurrencies

To avoid falling victim to an attack of this type, it is essential to delete all information and restore the factory settings.

IT security specialist Cristhian Borghello warned about this situation a few years ago.

“A final disposal procedure must be created for the equipment, which includes the removal of all network data and credentials and secure data deletion. If your device has internal storage, disk, SSD or memory, it should be securely erased or modified before sale. Finally, if the device allows it, it should be reset to factory settings before sale,” he explains in a conversation with this outlet.
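A pre-disposal check in the spirit of the procedure described above, as an added example that is not from ESET, Clarín or the experts quoted: it scans an exported configuration for statements that still carry credentials, VPN pre-shared keys or SNMP communities. The patterns are illustrative, covering common syntax on the Cisco ASA, FortiGate and Juniper SRX families; the function names and both sample configurations are constructed for illustration.

```python
import re

# Illustrative patterns for common secret-bearing statements on the three
# families the article names (Cisco ASA, FortiGate, Juniper SRX). Not exhaustive.
RULES = [
    ("credential", re.compile(
        r"\b(enable password|username \S+ password|set password|encrypted-password)\b", re.I)),
    ("vpn-pre-shared-key", re.compile(r"\b(pre-shared-key|psksecret|isakmp key)\b", re.I)),
    ("snmp-community", re.compile(r"\bsnmp\S*\s.*\bcommunity\b|^\s*community\s+\S+", re.I)),
]

def audit_config(text):
    """Return (line_number, category) per flagged line; never the secret value itself."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        for category, pattern in RULES:
            if pattern.search(line):
                findings.append((n, category))
                break  # one category per line is enough for the report
    return findings

def ready_for_disposal(text):
    """True only when the exported configuration has no flagged lines."""
    return not audit_config(text)

# Constructed sample: what a decommissioned but unwiped device might still export.
RESIDUAL = """\
hostname edge-fw-01
enable password CONSTRUCTEDHASH encrypted
username netadmin password CONSTRUCTEDHASH encrypted privilege 15
snmp-server community constructed-ro
tunnel-group 192.0.2.10 ipsec-attributes
 pre-shared-key constructed-psk
set psksecret ENC constructedblob
encrypted-password "constructed";
"""

# Constructed sample: export after a wipe, with only interface defaults left.
WIPED = """\
interface Management0/0
 no nameif
 no ip address
"""

if __name__ == "__main__":
    for n, category in audit_config(RESIDUAL):
        print(f"line {n}: {category}")
    print("wiped device ready:", ready_for_disposal(WIPED))
```

A clean scan complements a secure erase and factory reset; it does not replace them.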

Avast also recommends considering the following points:

  • Change the username and password used to access the router configuration
  • Enable WPA2 or WPA3 encryption, which protects the router from unauthorized access
  • Create a secure password and a new router network name for people who want to connect to your Wi-Fi network
  • Turn off WPS: it lets devices connect to the router by pressing a button or entering a PIN instead of using the password, which makes it less secure.
  • Disable remote or wireless administration, so that the configuration can be accessed only via an Ethernet cable, which prevents access by anyone from anywhere.
  • Update the router’s firmware, which is the software that controls a specific piece of hardware.
  • Use a cyber security tool that protects your Wi-Fi network like Avast Free Antivirus, which includes an inspector that constantly scans your Wi-Fi network for suspicious devices or activity.

Source: Clarin
