Routers: The new Achilles heel of security systems...
Is this why Apple got out of the router business --- despite the fact that, for the common user, home networking continues to be a confusing mess that works poorly?
Apple continues to focus on the home and office environments with MacMini, MacPro, HomePod, AppleTV, etc... Yet, despite their obvious preference to control all aspects of their products -- integrating hardware, software and cloud -- they abandon the critical networking function, the foundation, that enables them to function.
Apple ain't dumb. They don't make many stupid decisions. So, I suspect that there is a piece to this that we're all missing...
I was thinking the exact same thing. The encryption debate seems to have died out... maybe the compromise was for Apple to not create secure routers, which, for Apple, meant not creating them at all.
“Rebooting a router won't kill the malware, but will temporarily disrupt it and may help identify affected hardware”
That’s not terribly reassuring or helpful, although I read in another report that they had identified and blocked the server that was being used to control the malware, so evidently rebooting will interrupt the connection and once it’s interrupted it won’t be able to reconnect?
Has anyone seen a method to eliminate the malware? None of the articles I’ve read have much info beyond telling you to reboot. It appears that the only option is to update the firmware for your router. Also, we have an AMPLIFI mesh router that requires you to use an app with remote administration. Turning off remote admin isn’t an option.
Update the firmware, change your router passwords, and disable any form of remote management.
Just get an Apple router before supplies run out. I have an AirPort Extreme 5th gen (square, flat box). Thinking of getting the 6th gen (tall rectangular box) before supply runs out. Once they’re gone no more will be made.
“Rebooting the router” isn’t a solution. That’s the best they could come up with?
Sure it is. A lot of malware which affects devices like routers doesn't actually get written to persistent storage. Mirai, for example, infected a large number of cameras, routers, and other devices, but only stayed in RAM. Rebooting clears the infection, though systems typically get reinfected pretty rapidly if the source of the original issue wasn't fixed.
I have a couple 5th gen Extremes also. Will we run into an issue of updating/support against new threats when Apple stops manufacturing and eventually supporting these devices?
... The probability of you being the target of someone like this is pretty remote unless of course you’ve done something to annoy these people...
To the Russian government (sponsoring these cyber attacks) living in America is sufficient to warrant hijacking your router. American residences are not the objective target here. The objective of the Russians is to take control of as many American home routers as possible to mount cyber attacks against our nation’s facilities: Hospitals, banks, power grids, emergency response centers, airports, communications networks, etc, etc. They are doing it to Ukraine already.
I believe that the reason they're asking for reboots is so that they can monitor the first stage (persistent through reboots) attempting to download further stages, in order to better understand the infrastructure used by the malware.
No, they said that the 2nd and 3rd stages do not survive a reboot and they have taken over the domain used to load those later stages. So if you reboot, you will still have the first stage loaded, but it won't progress beyond that. This is why the first post of this thread is funny and on point. Since the FBI controls the domain now, they could load their own 2nd and 3rd stage payloads.
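The mechanism described in the two comments above (only the persistent first stage survives a reboot, and it then tries to resolve a domain that is now sinkholed) is also what makes infected devices visible on a home or office network: the lookups themselves are harmless, but whichever device keeps making them is the one carrying stage 1. The script below is an added example, not code from the original thread or from any of its commenters. It assumes a BIND-style DNS query log, and every address, domain and log line in it is constructed for illustration; the indicator domains are placeholders, not real indicators for this malware.

```python
"""Added example: spotting stage-1 beacons in a DNS query log.

After a reboot only the persistent first stage remains, and it tries to
resolve the domain that hosted the later stages. Because that domain is
sinkholed the lookups are harmless, but they identify infected devices.
Every log line, client address and indicator domain below is constructed
for this example; they are NOT real indicators for any malware family.
"""
import re
from collections import defaultdict
from typing import Optional

# Constructed placeholder indicators (hypothetical, not real IOCs).
SINKHOLED_DOMAINS = {
    "stage2-example.invalid",
    "photobucket-mirror.example",
}

# Constructed sample log in the BIND query-log format (assumed layout).
SAMPLE_LOG = """\
26-May-2018 03:12:01.117 client 192.168.1.1#51234: query: stage2-example.invalid IN A + (10.0.0.53)
26-May-2018 03:12:02.002 client 192.168.1.23#40001: query: www.apple.com IN A + (10.0.0.53)
26-May-2018 03:14:01.444 client 192.168.1.1#51240: query: stage2-example.invalid IN A + (10.0.0.53)
26-May-2018 03:15:07.901 client 192.168.1.50#33000: query: cdn.photobucket-mirror.example IN A + (10.0.0.53)
26-May-2018 03:16:00.010 client 192.168.1.23#40002: query: notphotobucket-mirror.example IN A + (10.0.0.53)
"""

QUERY_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def matches_indicator(qname: str, indicators=SINKHOLED_DOMAINS) -> Optional[str]:
    """Return the matched indicator if qname equals it or is a subdomain of it.

    Suffix matching is anchored on a label boundary, so the look-alike
    'notphotobucket-mirror.example' does not match 'photobucket-mirror.example'.
    """
    name = qname.rstrip(".").lower()
    for ind in indicators:
        if name == ind or name.endswith("." + ind):
            return ind
    return None


def find_beaconing_clients(log_text: str, indicators=SINKHOLED_DOMAINS):
    """Map each client IP to the indicator domains it queried and a hit count.

    Repeated lookups from the same client are the tell: a device that
    keeps retrying the stage-2 domain after a reboot still has stage 1.
    """
    hits = defaultdict(lambda: {"domains": set(), "count": 0})
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        ind = matches_indicator(m.group("qname"), indicators)
        if ind:
            entry = hits[m.group("client")]
            entry["domains"].add(ind)
            entry["count"] += 1
    return dict(hits)


if __name__ == "__main__":
    for client, info in sorted(find_beaconing_clients(SAMPLE_LOG).items()):
        print(f"{client}: {info['count']} lookup(s) for {sorted(info['domains'])}")
```

Run it against your resolver's query log after rebooting the devices you suspect; the clients it lists are the ones to flash with fresh firmware, and the ones whose hits stop after the update are the ones you actually cleaned. The label-boundary check in matches_indicator matters because a plain substring match would flag unrelated names that merely contain the indicator.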
I don't think I would do that....
Lately, for the past couple of years, it seems that hackers are finding holes in the router software and the fix is to update the software. ASSUMING that Apple isn't maintaining their software for these routers, they could become more vulnerable than typical.
"As a further precaution people may want to disable remote management, use original secure passwords, and make sure they've updated to the latest firmware."
"May" want to? Should be written as "absolutely should" Also, anyone running hardware supplied by their ISP is unlikely to even be able to update the firmware, especially modems with routers in them. Verizon and cable companies don't usually provide updates to their cheapass router modems. But yeah, let's keep putting the responsibility on the end users...