Apple AirPort not on latest 'Vault 7' list of gear susceptible to factory firmware hack by...

24

Comments

  • Reply 21 of 63
    seanismorrisseanismorris Posts: 1,624member

    Has the code for the exploit been released (or how to do it) or was it just a description of the exploit?

    It sounds like you either need physical access to the router, or remote access -which is usually disabled by default.

    It's probably not safe to purchase any of these brands sold through middleman (Amazon/EBay, etc) from now on because they could have been tampered with.

    I bet the router manufacturers are fuming ; )

    These routers security has always been bad... now they're approaching unusable.



    1) No code was released.
    2) You do need physical access to the router -- and they were getting it either in the factory, at retail, or before delivery.
    3) Probably.
    4) Probably.
    This article discusses a few of the vulnerabilities used by the CIA.  But arguably the one we should be most concerned about is called Claymore.

    It involved a network scan tool rather than the need to have physical access to the router...  they still end up replacing your devices firmware once they get access, to track you and collect your online passwords. (Using the other tools)

    FYI

    It's a good idea for everyone to make sure they have the latest firmware installed on their router.  Disable remote administration, disable UPNP, and change the default password.  It may not do any good against the CIA tools, but you'll be safer than doing nothing.  While you're in there you might as well change your Wifi password (these days it should be a pass phrase because it's more secure, and not a password).

    Also if you buy a new router, the first you should do is download (from the manufacturer) and overwrite whatever firmware came installed.

    If you have an old router (and a manufacturer that hasn't updated the firmware) it might be worth while looking into open source firmwares like 
    DD-WRT.  DD-WRT might not be the best choice because of it's Linksys roots but it would be a good place to start researching options.

    As users we have to assume these tools and not just the documentation will be released soon.  What a pain in the ass...


  • Reply 22 of 63
    SoliSoli Posts: 10,035member
    gilly33 said:
    Glad to know Airport hasn't been exploited. Would be nice though to learn what Apple plans to do with the hardware. I have the flat AirPort Extreme. Not too long ago the Comcast modem/router was not playing nice with the AirPort Extreme and the Comcast techs were saying just use their router. I replied 'thanks but no thanks!' I'm happy with every Apple product I own. If only I had stock in the company now that would truly make my day. Lol. 
    We don't know if any current AirPort router have been exploited. All we know is that they're not in this list. Big difference.
    edited June 2017 irelanddewmepscooter63dysamoriarazorpit
  • Reply 23 of 63
    SoliSoli Posts: 10,035member

    Has the code for the exploit been released (or how to do it) or was it just a description of the exploit?

    It sounds like you either need physical access to the router, or remote access -which is usually disabled by default.

    It's probably not safe to purchase any of these brands sold through middleman (Amazon/EBay, etc) from now on because they could have been tampered with.

    I bet the router manufacturers are fuming ; )

    These routers security has always been bad... now they're approaching unusable.



    1) No code was released.
    2) You do need physical access to the router -- and they were getting it either in the factory, at retail, or before delivery.
    3) Probably.
    4) Probably.
    Also if you buy a new router, the first you should do is download (from the manufacturer) and overwrite whatever firmware came installed.
    You should do it, but it should be noted that this is not a guarantee of anything. There could be exploits built into the HW or even a rootkit installed that could make wiping the firmware a million times pointless. That isn't to say you should automatically worry about that, but you shouldn't assume that you're completely safe.

    If you're buying from a popular brand name and keep your devices up to date you are statistically more secure than the average person—and not just from wireless routers, but because someone with an antiquated 802.11g router is more likely going to have other antiquated equipment that hasn't been updated in years as well as care less about security, all of which make them easier to exploit.
    razorpit
  • Reply 24 of 63
    slurpyslurpy Posts: 5,382member
    rob53 said:
    ireland said:
    Makes you wonder who the bigger terrorists are.
    We all know the CIA is the largest terrorist organization in the world--and this isn't a political statement, it's a fact! Many Americans won't call them terrorists but everyone outside the USA will so the CIA is a terrorist organization to them.

    I do hope Apple is seeing and understanding the absence of a hack for their Airport routers. Simply build on what they already have and keep Apple customers safe. It's just a router, nothing more, so Apple could turn it into a hobby and just update it. They can stick it into their Siri box if they don't want to have a separate router, letting Siri configure it with voice instructions. 
    I would love it if Apple released their own mesh networking system like Eeero, etc. I'd like to pick up one of these (can't stand shit wifi anymore) but would prefer an Apple option. 
    ireland
  • Reply 25 of 63
    pujones1pujones1 Posts: 222member
    I hope these manufacturers actually get off their butts and make good use of this info to secure their routers. The price of these things are astronomical right now IMHO. I paid $300 for a Netgear X8 5300 so I'd appreciate it being safe from attack.
    dysamoria
  • Reply 26 of 63
    razormaid said:
    If Apple knows this then why on Earth are they wanting to kill off Airport Extreme Routers?  I would probably be one of those who rushes out and buys them all up but that would be useless if Apple stop sending out firmware updates once it kills it off.  This doesn't make sense to me.  You'd think they would expand on Airport not kill it off.
    If there is ever a reason to keep on and develop something then this is it.
    By updating the H/W etc Apple can show that security really is at the heart of what they do and not just lip service.
    I'd expect that sales of this kit will improve now despite some reports elswhere stating that Apple kit was hackable by the [redacted].



    Solidysamoria
  • Reply 27 of 63
    SoliSoli Posts: 10,035member
    pujones1 said:
    I hope these manufacturers actually get off their butts and make good use of this info to secure their routers. The price of these things are astronomical right now IMHO. I paid $300 for a Netgear X8 5300 so I'd appreciate it being safe from attack.
    A good modern router isn't cheap, especially when you buy several mesh routers. I'd even argue that mesh routers are right in Apple's wheelhouse, and could be part of other iOS, home-based devices built with an Apple chip. From the Apple TV to HomePod, to a variety of SiriHome and other such devices, I think Apple could create the most secure home network solution with the most user-friendly UI.

    pscooter63
  • Reply 28 of 63
    radarthekatradarthekat Posts: 3,842moderator
    razormaid said:
    If Apple knows this then why on Earth are they wanting to kill off Airport Extreme Routers?  I would probably be one of those who rushes out and buys them all up but that would be useless if Apple stop sending out firmware updates once it kills it off.  This doesn't make sense to me.  You'd think they would expand on Airport not kill it off.
    Here's a theory...

    the rules for government eavesdropping are a bit different for the gear used to create the networks than they are for personal devices.  And there are government orders to companies that companies are not allowed to make public; not allowed to speak about.  Combining these two facts, one could theorize that the government might have made a secret order to network gear companies that require them to submit to something akin to the Clipper chip, but just software based.  Terrifying, but maybe plausible.  A company like Apple, rather than submit to such an order, would more likely simply shut down its minor network gear business.  
  • Reply 29 of 63
    sflocalsflocal Posts: 6,092member
    StanW said:
    Yes it's so true about the AirPort Extreme Router. I have never had an issue with it and it works the best. I had ATT routers that were given to me free but they were useless. I don't understand why Apple wants to eliminate such excellent hardware.
    I wish Apple would update the AirPort Extreme. Its hands down the best router I've ever owned. 
    We own quite a few apartment units in San Francisco and provide "free" business-class internet to all the units.  In the past, we used the basics like Netgear, Linksys (now Cisco), and D-link.  They all were garbage.  They all either failed within months, or required periodic restarting for whatever reason that we began to question the usability of providing the service.

    Apple's Extreme routers were the priciest, but we decided to try one and shortly thereafter, replace all the units with Apple Extremes.  They are built so well, that in 10 years, only one failed and only after years and years went by.  They are just high-quality devices built to last.  We purchased quite a few more (as backups) when whispers of Apple discontinuing them began to emerge.

    They are the best for residential use.  I hope Apple keeps them going.
    Soliargonautboltsfan17pscooter63dysamoria
  • Reply 30 of 63
    rob53 said:
    ireland said:
    Makes you wonder who the bigger terrorists are.
    We all know the CIA is the largest terrorist organization in the world--and this isn't a political statement, it's a fact! Many Americans won't call them terrorists but everyone outside the USA will so the CIA is a terrorist organization to them.
    Sorry, we all DON'T know the CIA is the largest terror organization in the world. Give me a break. The real world necessitates these agencies, including those in our allied countries working similar problems. Wrongs have been done, many over the years by the the CIA. No excuse can be given for the misuse of such power. Oversight and reform continues. 

    You apparently don't have a lick of knowledge about what goes on outside of the safe and comfortable bubble we all take for granted. These people are heroes and patriots. Rights and freedoms need defending. 




    radarthekatrazorpitcti1610
  • Reply 31 of 63
    bluefire1bluefire1 Posts: 1,301member
    Ironically, I bought two of them today (one being an extender) before even seeing this article. The Apple rep in the store suggested a google router and I suggested he use my Apple Pay for two Airport Extremes. There's nothing like an Apple product.
    By the way, setup couldn't have been easier.
    dysamoriarazorpitmike54
  • Reply 32 of 63
    YvLyYvLy Posts: 89member
    Networking being such an integral part of security and Apple embodying it ... I can't figure out why Apple is not making networking gear / routers an integral part of their product offerings ...
    dysamoria
  • Reply 33 of 63
    avon b7avon b7 Posts: 7,624member
    It is ironic that China, taking advantage of European investigation, has successfully tested the base of quantum communication following the pioneering work of Anton Zeilinger and Valerio Pruneri. The Mozi satellite is in the news this week. 

    I wonder how far behind the US and Europe now trail in this filed?

    Although I had a recent visit to a supercomputing centre where they drove home the EU's plans to have it's own homegrown and manufactured processor operational by 2020 in an attempt to provide a higher level of security against cyber attacks.


  • Reply 34 of 63
    radarthekatradarthekat Posts: 3,842moderator
    avon b7 said:
    It is ironic that China, taking advantage of European investigation, has successfully tested the base of quantum communication following the pioneering work of Anton Zeilinger and Valerio Pruneri. The Mozi satellite is in the news this week. 

    I wonder how far behind the US and Europe now trail in this filed?

    Although I had a recent visit to a supercomputing centre where they drove home the EU's plans to have it's own homegrown and manufactured processor operational by 2020 in an attempt to provide a higher level of security against cyber attacks.


    Those in the research community have noted that the United States, a few years ago, stopped publishing on the topic.  Their view of that fact is that either the developments underway failed (unlikely as the experiments proving action at a distance have been successful for 20 years, at greater and greater distances, culminating, as far as we know, with China's satellite mission), or that the U.S. development has been spectacularly successful, and so they would naturally keep that result to themselves.  
  • Reply 35 of 63
    irelandireland Posts: 17,798member
    I do not understand why Apple wants to kill AirPort, especially considering its appreciation for security and privacy.
    No one has proven this yet.
    StrangeDays
  • Reply 36 of 63
    irelandireland Posts: 17,798member
    razormaid said:
    If Apple knows this then why on Earth are they wanting to kill off Airport Extreme Routers?  I would probably be one of those who rushes out and buys them all up but that would be useless if Apple stop sending out firmware updates once it kills it off.  This doesn't make sense to me.  You'd think they would expand on Airport not kill it off.
    Here's a theory...

    the rules for government eavesdropping are a bit different for the gear used to create the networks than they are for personal devices.  And there are government orders to companies that companies are not allowed to make public; not allowed to speak about.  Combining these two facts, one could theorize that the government might have made a secret order to network gear companies that require them to submit to something akin to the Clipper chip, but just software based.  Terrifying, but maybe plausible.  A company like Apple, rather than submit to such an order, would more likely simply shut down its minor network gear business.  
    That’s not how they reacted for their iPhone business.
    dysamoria
  • Reply 37 of 63
    irelandireland Posts: 17,798member
    bluefire1 said:
    Ironically, I bought two of them today (one being an extender) before even seeing this article. The Apple rep in the store suggested a google router and I suggested he use my Apple Pay for two Airport Extremes. There's nothing like an Apple product.
    By the way, setup couldn't have been easier.
    Apple are likely to replace AE with a mesh product in the next 24 months or less in my opinion.
  • Reply 38 of 63
    GeorgeBMacGeorgeBMac Posts: 11,421member
    MacPro said:
    gilly33 said:
    Glad to know Airport hasn't been exploited. Would be nice though to learn what Apple plans to do with the hardware. I have the flat AirPort Extreme. Not too long ago the Comcast modem/router was not playing nice with the AirPort Extreme and the Comcast techs were saying just use their router. I replied 'thanks but no thanks!' I'm happy with every Apple product I own. If only I had stock in the company now that would truly make my day. Lol. 
    'Comcast' and 'Techs' used in the same sentence?   :o

    Seriously, I just hang the Apple gear off the Comcast box using ethernet and turn off the Comcast Wi-Fi.  Firstly because like you I love my Apple routers and secondly that Xfinity Public access stuff creeps me out!  I know you can disable it but none of our neighbors seem to know that.
    I second that...
    Both with Comcast and with Verizon, I tend to use my own gear -- partly because its cheaper in the long run than renting their stuff.   But, like you point out, Comcast's public access stuff is just plain creepy!  I don't know what kind of walls they build between their public stuff and my private stuff.  And, I don't want them controlling my router and my security...   I know they love me, but...
  • Reply 39 of 63
    dewmedewme Posts: 5,335member
    The pessimist in me reacts to these revelations with a "yeah, that's about what I would expect." All governments are heavily involved with surveillance operations through a vast array of military, civil, and clandestine agencies. This has always been the case and the advent of global interconnectivity simply creates more opportunities for data collection. Just look at the creativity and ingenuity of low class thieves who build ATM and credit card skimmers. Scale that up to much smarter, highly orchestrated, and more creative minds backed by hundreds of billions of dollars in funding from an undepletable supply of money, I.e., taxpayers, and not even the sky is the limit. There are virtually no limits on what's possible technically or through authoritarian means. Your best bet is to assume that you have no absolute privacy or security when using any form of communication that involves mediums outside of your control. However, except for an infinitesimaly small number of individuals or groups, the agencies with the means to collect your personal information don't care about you or what you're doing. If they did care you're probably already compromised.

    The optimist in me says I'm still hopeful that Apple is not really getting out of the router business but is instead working on a more focused and Apple ecosystem focused "connectivity appliance" that includes much more functionality than simply routing and wifi access point. Additional functionality could include a HomeKit gateway, iTunes downloads cache (so shared content only downloads one time), iCloud cache/queue, enhanced firewall with deep packet inspection, VPN, security scanner, hardware based encryption, device diagnostics service (for remote diagnosis of HomeKit and Apple devices), edge service Apps, cloud storage service federation, etc. ... Just to name a few. So rather than Apple only being a supplier of better quality traditional routers it becomes the sole supplier of a new class of an Apple ecosystem enhancing appliance that goes far beyond traditional routers. Non Apple systems would still be able to use the new appliance for traditional routing, wifi access, iCloud and iTunes service enhancements, and some but not all edge service Apps. 
    pscooter63GeorgeBMac
  • Reply 40 of 63
    This makes it all the more a shame that Apple has apparently exited the router market (as far as updating them). in all my years, the Airport line has been the easiest (by a country mile) and most reliable routers available. The Airport Extreme and Time Capsule are still listed for sale on Apple's website. The Express, however, is not!
    dysamoriaireland
Sign In or Register to comment.