Posted on 10/09/2015 10:56:42 PM PDT by WhiskeyX
A security researcher in the US has said his Netgear router was hacked after attackers exploited a flaw in the machine.
Joe Giron told the BBC that he discovered altered admin settings on his personal router on 28 September.
The compromised router was hacked to send web browsing data to a malicious internet address.
Netgear says the vulnerability is "serious" but affects fewer than 5,000 devices.
Mr Giron found that the Domain Name System (DNS) settings on his router had been changed to a suspicious IP address.
"Normally I set mine to Google's [IP address] and it wasn't that, it was something else," he said.
"For two or three days all my DNS traffic was being sent over to them."
(Excerpt) Read more at bbc.com ...
Tech / apple / android pings
http://www.shellshocklabs.com/2015/09/part-1en-hacking-netgear-jwnr2010v5.html
http://www.csnc.ch/misc/files/advisories/CSNC-2015-007_Netgear_WNR1000v4_AuthBypass.txt
Gotta love the ‘concerned’ reporting of an exploit.
Okay, guess that's what I'll do, too. Damn!
The vulnerability itself is an authentication bypass that affects the N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img versions of the firmware. If users have remote administration turned on (it's off by default), anyone with Internet access could theoretically hack into a Netgear router and pick up information from it, as well as install tracking or keylogging software. If remote administration is turned off, an attacker can still take advantage of the flaw, assuming that he or she is physically connected to the router, or on the same Wi-Fi network.
When I’m on the road I use a Netgear WiFi hotspot. Is that the same thing? It’s a Boost mobile through Sprint.
huh... I’m thinking a government that interprets laws to accommodate their actions might use this exploit to say...
...put child porn on a government critic’s computer, then hold this embarrassing breach of the law over the critic’s head to make them dance to another tune. Like BO’s tune.
“According to Shellshock, this vulnerability affects Netgear JNR1010v2, JNR3000, JWNR2000v5, JWNR2010v5, N300, R3250, WNR2020, WNR614, and WNR618 models.”
Thanks for posting those!
So as I read it, if I don’t have the remote operation turned on, I’m in the clear.
Now I’m trying to unfreeze my NOOK book reader. Went on-line and all their help hasn’t done it. It shows the screen saver but the battery is out and plugged into its charger. Just can’t turn it off. Weird.
Bump to the top
I don’t have a nook, but it’s probably looking for power events in SW so if the SW is hosed it won’t respond to a power switch. My kindle uses the power switch as a suggestion, not a command. But it has never frozen.
Thanks for checking. Further research said to remove battery. Did that, can’t now figure out how the screen saver is showing with no power. Was told that removing battery then replacing it would make it reboot. Talked to NOOK tech and advised to take it to B&N for testing and/or get an upgrade. Figgers.
Screen saver doesn’t need power. It’s one of the main design features of readers, they only use power when changing the screen.
Well that solves that mystery. So I guess the battery is really dead then.