That’s a bold admission. I guess they aren’t worried about people questioning either how the know or how they are able to remotely control our routers.
Another bit of evidence of the dystopia.
Probably through the same exploit.
This and taking control of botnet control panels are the most common methods.
Something that also often happens is that your home connection has been used in some sort of attack or your IP is found in some other logs and your ISP gets contacted, often even automatically. I had a compromised device on my network once and my ISP kept calling me to fix it. I’m sure if it was router malware some ISPs might use their CWMP or SNMP access to clear it.
That’s a bold admission. I guess they aren’t worried about people questioning either how the know or how they are able to remotely control our routers.
Another bit of evidence of the dystopia.
If anyone is questioning it then they will find that the answers are pretty boring:
Consumer device manufacturers do not give a shit about security.
For the longest time these devices would ship with default passwords (and many likely still do) and allow remote administration from any IP address.
You could, ‘hack’ into a network by simply looking up the manufacturer of the device that you were connecting to and using their default username and password (which was often admin/admin). Then, for your convenience, you could write a firmware update to the router directly from the web interface.
In addition, they rarely perform any kind of automatic updating, so once a vulnerability is discovered there is no way for them to deploy a patch across all of their devices without every individual owner logging into the router console and pressing a button, which is not going to happen at scale.
There’s no nefarious conspiracy inserting backdoors into these products, just boring corporate greed resulting in valuing convenience over security.
I had a friend who would do that as a prank. He’d drive around with a laptop and change people’s wifi password then listen for them to start bitching about the wifi not working. It was a simpler time.
WPA2 has a deauth attack that will do similar. (Note: This is crimes, don’t do crimes)
Their engineered backdoor no doubt
Edit: better/newer article than the prior I supplied.
Maybe try another source?I retired my tp-link Touter over 10 years ago when I learned of their security problems and that they are Chinese.
I hope most other people Savvy enough to buy their own routers rather than just take the one from the isp, would also be smart enough to research the routers for security.
That’s not to say we get it right, but at least we try. I use Asus and installed the open-source firmware that has over the air updates that I can review before I install. It receives regular security fixes, and I block all ports except one that I use for certificate backed VPN.
Hopefully, it does not have a backdoor like the ISP routers. In that case, all bets are off.
The FBI utilized cutting edge technology and leveraged our private sector and international partners to unmask this malicious activity and remediate routers.
Oh so Palantir and Mossad did it.
Awesome.
They’re in there anyway. Might as well do something good.
