Menu
What's new
By:
Filters Better Search

Article on how easy it is to hack routers, uses RT-AC66u as examples etc

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

In the article is a link to
http://securityevaluators.com//content/case-studies/routers/soho_router_hacks.jsp

lists the 13 routers and Asus AC66U is not among those listed as tested.

kayakj said:
http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/ ( it was posted April 17, 2013) thought I would share, since it seems to have multiple pictures of Asus routers ..

It doesnt seem to pinpoint what causes the vulnerabilities, but I assume Merlin's build suffers from it as well since it is close to stock?
Click to expand...
 
They show a big large Asus router, they show screenshots of an Asus router, they mention "routers like this one", and in small prints they specify that "this actual router was NOT tested".

Totally unprofessional, if you ask me. Almost makes you wonder if there wasn't any ulterior motives behind the article...
 
RMerlin said:
They show a big large Asus router, they show screenshots of an Asus router, they mention "routers like this one", and in small prints they specify that "this actual router was NOT tested".

Totally unprofessional, if you ask me. Almost makes you wonder if there wasn't any ulterior motives behind the article...
Click to expand...

I am not an Asus fanboy but I agree it was unprofessional. However, keep in mind that models for 5 routers that were tested are not released yet.
 
JoeSchmoe007 said:
I am not an Asus fanboy but I agree it was unprofessional. However, keep in mind that models for 5 routers that were tested are not released yet.
Click to expand...

That's true.

Tim posted a very interesting article a few months ago (http://www.smallnetbuilder.com/lanw...3-does-alternative-firmware-break-your-router) about the results of an exhaustive test suite that he ran against various firmwares running on an RT-N66U. Such suites should be a mandatory part of every router development IMHO, as they can quickly expose flaws.

Part of the problem is that these routers are most of the time inexpensive devices aimed at home users. That means they can't afford to spend too much time and money on development and validation (or else they won't be able to sell them at the current price points anymore), or they have to balance ease of use with security. I suspect that if those home routers were made to be as secure as an enterprise device, they would quite often be too complex to even setup by a home user.

There's a reason why a Sonicwall device costs 5x more than an Asus or a Belkin device, and they don't target home users either.
 
Last edited by a moderator:
Hey Merlin,

How long do you think will take for ASUS to roll an update to prevent this issue?
 
tamalero said:
Hey Merlin,

How long do you think will take for ASUS to roll an update to prevent this issue?
Click to expand...

What issue? No issues were disclosed for any of Asus routers. Not that they are guaranteed not to have any but there was nothing disclosed in this article.
 
Common Sense Precautions

Based on the article which did not specifically mention ASUS:

1. Change the user name and use a strong password on your router.

2. Unless you have the requirement don't enable router administration over the WAN.

3. Log off your router when not actively administering it or looking at the data as if you leave it open on a tabbed browser it is somewhat more likely that it could be hacked.

4. Finally disable the WiFi radios at times when you are not using them (night and days when at work.)

5. Be careful around your home or office about leaving unused Ethernet ports hot if they are somewhere that someone could easily access them.
 
CaptainSTX said:
Based on the article which did not specifically mention ASUS:

1. Change the user name and use a strong password on your router.

2. Unless you have the requirement don't enable router administration over the WAN.

3. Log off your router when not actively administering it or looking at the data as if you leave it open on a tabbed browser it is somewhat more likely that it could be hacked.

4. Finally disable the WiFi radios at times when you are not using them (night and days when at work.)

5. Be careful around your home or office about leaving unused Ethernet ports hot if they are somewhere that someone could easily access them.
Click to expand...



I might be very dense here, but in the UI for the AC66u there is a way of turning the radios on at a time, sort of a cron job, is there a way in the UI to turn the radios off say at 4:00am then turn them back on at 6:00 am or something every day?
 
Radio Control

In the wireless setup under professional settings (Merlin V26) you have on and off settings for both the 2.4Ghz and the 5 Ghz radios.
 
CaptainSTX said:
In the wireless setup under professional settings (Merlin V26) you have on and off settings for both the 2.4Ghz and the 5 Ghz radios.
Click to expand...

Yeah i can turn them off, but i have to do that manually. then i can set it up to turn on automatically the next day.

Would have been nice to have UI to turn it off automatically too.
 
vdemarco said:
Yeah i can turn them off, but i have to do that manually. then i can set it up to turn on automatically the next day.

Would have been nice to have UI to turn it off automatically too.
Click to expand...

There is. Check right under that radio enable/disable option:

Code: 
Enable wireless scheduler
 
RMerlin said:
There is. Check right under that radio enable/disable option:

Code: 
Enable wireless scheduler
Click to expand...

I am feeling super stupid here, but all i see is "Date to Enable radio" where is the "Date or time to Disable radio"
 
vdemarco said:
I am feeling super stupid here, but all i see is "Date to Enable radio" where is the "Date or time to Disable radio"
Click to expand...

If you enable the scheduler and tell it to enable the radio from 9am until 10pm, then the radio will obviously be turned off from 10pm until 9am next morning :)
 
JoeSchmoe007 said:
What issue? No issues were disclosed for any of Asus routers. Not that they are guaranteed not to have any but there was nothing disclosed in this article.
Click to expand...

a) there are routers that are TBA in the list, they seem to be adding one by one.
b) the picture of the N66 was in the front page.
all the routers seem to be "top of the line"
c) you really would tell everyone the weakness of some router without getting a patch first? I wouldn't be surprised if the guys of the research page did contact ASUS first(or the other manufacturers), before releasing the name of the affected routers.
 
RMerlin said:
If you enable the scheduler and tell it to enable the radio from 9am until 10pm, then the radio will obviously be turned off from 10pm until 9am next morning :)
Click to expand...

I just noticed that its a time range. So sorry your right

I was just being dense

Thanks
 
You must log in or register to reply here.

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 792 (members: 15, guests: 777)
Top