{"id":17004,"date":"2017-01-05T05:00:26","date_gmt":"2017-01-05T13:00:26","guid":{"rendered":"http:\/\/www.yardi.com\/blog\/?p=17004"},"modified":"2020-12-24T22:00:13","modified_gmt":"2020-12-25T06:00:13","slug":"rouge-routers","status":"publish","type":"post","link":"https:\/\/www.yardi.com\/blog\/rouge-routers\/","title":{"rendered":"Rogue Routers"},"content":{"rendered":"<p><em>The smart home\u2019s weakest link may be that unassuming router tucked neatly next to your modem.<\/em><\/p>\n<p><strong>[Update: Netgear has released firmware updates for the affected products. Click <a href=\"http:\/\/kb.netgear.com\/000036386\/CVE-2016-582384\">here<\/a> for more information.]<\/strong><\/p>\n<p>While the breach of <a href=\"https:\/\/www.wired.com\/2016\/12\/yahoo-hack-billion-users\/\" target=\"_blank\" rel=\"noopener\">one billion<\/a> Yahoo! Email accounts continues to dominate the new, another internet security crisis continues unabated. As Lily Hay Newman reports in Wired\u2019s <a href=\"https:\/\/www.wired.com\/2016\/12\/ton-popular-netgear-routers-exposed-no-easy-fix\/\" target=\"_blank\" rel=\"noopener\">latest issue<\/a>, Nighthawk line of Netgear routers can be remotely exploited, allowing third-parties to take control of the devices, leaving thousands of home networks open to hackers and \u201c\u201d<a href=\"https:\/\/www.wired.com\/tag\/botnets\" target=\"_blank\" rel=\"noopener\">havoc-wreaking botnets<\/a>.\u201d<\/p>\n<p>\u201cWhile Netgear has finally released a tentative fix for some models,\u201d writes Newman, \u201cthe delays and challenges in patching all of them help illustrate just how at risk the Internet of Things is\u2014and how hard it is to patch up when things go wrong.\u201d<\/p>\n<p><strong>Hacking the Home<\/strong><\/p>\n<p>Like many of the smart devices that make up the \u201cInternet of Things,\u201d routers seem as common &#8211; and as low-tech \u2013 as a toaster or thermostat. But as has already been noted, the ubiquitous nature of many of these \u2018wired\u201d versions of our beloved devices make them almost invisible; and for many smart home inhabitants, <a href=\"http:\/\/www.yardi.com\/blog\/technology\/smart-homes-dumb-security\/16821.html\">invisibility is a weakness<\/a>.<\/p>\n<p>\u201cIf we want to put networked technologies into more and more things, we also have to find a way to make them safer,\u201d Michael Walker, program manager and computer security expert for the Pentagon\u2019s advanced research arm recently told the <a href=\"http:\/\/www.nytimes.com\/2016\/10\/17\/technology\/security-internet.html?_r=0\" target=\"_blank\" rel=\"noopener\">New York Times<\/a>. \u201cIt\u2019s a challenge for civilization.\u201d<\/p>\n<p><strong>Routers Gone Wrong<\/strong><\/p>\n<p>Andrew Rollins, a security researcher with the handle Acew0rm, notified Netgear about the security flaw back in August but never heard back from the company. As months went by with no fix \u2013 presumably exposing thousand<img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-17026\" src=\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg\" alt=\"shutterstock_455827165\" width=\"493\" height=\"329\" srcset=\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg 1000w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg?resize=768,512 768w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg?w=400 400w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg?w=500 500w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg?w=600 600w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg?w=720 720w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg?w=800 800w\" sizes=\"auto, (max-width: 493px) 100vw, 493px\" \/>s of users in the interim \u2013 Rollins eventually chose to go public. His announcement of Netgear router backdoor eventually triggered a Department of Homeland <a href=\"https:\/\/www.kb.cert.org\/vuls\/id\/582384\" target=\"_blank\" rel=\"noopener\">CERT notice<\/a> suggesting Netgear users disable their web service, disable remote administration, or unplug their devices.<\/p>\n<p>\u201cThe flaw allows unauthenticated web pages to access the command-line and then execute malicious commands, which could lead to total system takeover, explains the CERT notice before assuring users, \u201cExploiting this vulnerability is trivial.\u201d<\/p>\n<p>Netgear confirmed eight of its router models \u201cmight be vulnerable\u201d to attack (R6250, R6400, R6700, R7000, R7100LG, R7300, R7900, R8000), including three of the company\u2019s bestsellers. Though a set of beta patches for some of the affected models were released by the company, Netgear admits the fix \u201cmight not work for all users.\u201d Adding an extra layer of complication, Netgear customers will need to manually install the firmware on their own, as there are no plans to push an over-the-air update at this time.<\/p>\n<p>In a statement about the issue, a representative for Netgear said the company strives &#8220;to earn and maintain the trust&#8221; of its users, is &#8220;actively working to provide solution for our customers.&#8221;<\/p>\n<p>\u201cIt\u2019s making them look very incompetent,\u201d Rollins tells Wired, adding the flaw he discovered \u201cis not that hard to fix at all.\u201d<\/p>\n<p><strong>Mending (Router) Fences<\/strong><\/p>\n<p>Alternatives to the Netgear fix are available. In addition to the CERT advisory, some online tutorials exist. Computer science researcher Bas van Schaik has posted <a href=\"http:\/\/www.sj-vs.net\/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers\/\" target=\"_blank\" rel=\"noopener\">online<\/a> a systematic process for securing most of the Netgear routers. He begins by advising users first to check if they are susceptible by following a particular router login link: <a href=\"http:\/\/www.routerlogin.net\/cgi-bin\/;uname$IFS-a\" target=\"_blank\" rel=\"noopener\">http:\/\/www.routerlogin.net\/cgi-bin\/;uname$IFS-a<\/a>,<\/p>\n<p>\u201cIf a web page appears (which is not an error),\u201d writes van Schaik, \u201cYou\u2019re vulnerable.\u201d<\/p>\n<p>For those needing a fix, van Schaik details the method of patching up the security hole and (hopefully) fending off any attempted hacks, with one caveat.<\/p>\n<p>\u201cYou are now safe,\u201d he concludes, \u201cBut don\u2019t forget: after turning your router off and on again (or a power cut!), the web server process will start again, and you will be vulnerable.\u201d<\/p>\n<p><strong>No Alerts and Zero Warning<\/strong><\/p>\n<p>Unfortunately, this type of exposure to cyber-attacks will only expand as more and more smart devices go online. As each smart homes joins the Internet of Things, infections and online hacks will continue to exploit any vulnerability. Without early warning systems or any straightforward notification systems, many of these security breaches may go unnoticed until it\u2019s too late.<\/p>\n<p>\u201c\u201cIt\u2019s got to get to the level that it\u2019s simple in terms of notification and procedure to upgrade for users. Otherwise, we end up with the problem we have,\u201d says Morey Haber, vice president of technology at the security firm BeyondTrust. \u201cThere are many devices are out there that are complex and not easy to update, and people don\u2019t even know it.\u201d<\/p>\n<p>\u201cAnd as long as so many devices are vulnerable,\u201d concludes Wired\u2019s Lily Hay Newman, \u201cattackers will actively\u00a0<a href=\"https:\/\/www.wired.com\/2016\/12\/botnet-broke-internet-isnt-going-away\/\" target=\"_blank\" rel=\"noopener\">look to exploit them<\/a>. It\u2019s a vicious cycle, one that\u2019s playing out for many Netgear owners in real time.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The smart home\u2019s weakest link may be that unassuming router tucked neatly next to your modem.<\/p>\n","protected":false},"author":103,"featured_media":17026,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_s2mail":"yes","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6],"tags":[9,1777,64,1014,1778,484,1776,1678,76],"class_list":["post-17004","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-consumer-technology","tag-cyber-seucirty","tag-internet","tag-internet-of-things","tag-internet-security","tag-ios","tag-routers","tag-smart-homes","tag-technology-2"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.4 (Yoast SEO v24.6) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Yardi Blog<\/title>\n<meta name=\"description\" content=\"The smart home\u2019s weakest link may be that unassuming router tucked neatly next to your modem.\" \/>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rogue Routers\" \/>\n<meta property=\"og:description\" content=\"The smart home\u2019s weakest link may be that unassuming router tucked neatly next to your modem.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.yardi.com\/blog\/rouge-routers\/\" \/>\n<meta property=\"og:site_name\" content=\"Yardi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-01-05T13:00:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-12-25T06:00:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"667\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Cutright Elizabeth\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cutright Elizabeth\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.yardi.com\/blog\/rouge-routers\/\",\"url\":\"https:\/\/www.yardi.com\/blog\/rouge-routers\/\",\"name\":\"Rogue Routers - Yardi Corporate Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.yardi.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.yardi.com\/blog\/rouge-routers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.yardi.com\/blog\/rouge-routers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg\",\"datePublished\":\"2017-01-05T13:00:26+00:00\",\"dateModified\":\"2020-12-25T06:00:13+00:00\",\"author\":{\"@id\":\"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/dba832121806bbec3d280d6cdde90b4d\"},\"description\":\"The smart home\u2019s weakest link may be that unassuming router tucked neatly next to your modem.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.yardi.com\/blog\/rouge-routers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.yardi.com\/blog\/rouge-routers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.yardi.com\/blog\/rouge-routers\/#primaryimage\",\"url\":\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg\",\"contentUrl\":\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg\",\"width\":1000,\"height\":667},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.yardi.com\/blog\/rouge-routers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.yardi.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Rogue Routers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.yardi.com\/blog\/#website\",\"url\":\"https:\/\/www.yardi.com\/blog\/\",\"name\":\"Yardi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.yardi.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/dba832121806bbec3d280d6cdde90b4d\",\"name\":\"Cutright Elizabeth\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4016b5eabd512619820fc63946d01cd983acc211f98fbc559a890a5b4b27c559?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4016b5eabd512619820fc63946d01cd983acc211f98fbc559a890a5b4b27c559?s=96&d=mm&r=g\",\"caption\":\"Cutright Elizabeth\"},\"description\":\"Elizabeth Cutright is an award-winning writer and editor with over 20 years of experience in journalism, publishing and online content creation. A film school grad with a law degree from the University of San Diego, outside of work Elizabeth can usually be found in the pool, on a hiking trail, or sampling Santa Barbara\u2019s latest vintage.\",\"url\":\"https:\/\/www.yardi.com\/blog\/author\/elizabeth-cutright-2\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Yardi Blog","description":"The smart home\u2019s weakest link may be that unassuming router tucked neatly next to your modem.","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"Rogue Routers","og_description":"The smart home\u2019s weakest link may be that unassuming router tucked neatly next to your modem.","og_url":"https:\/\/www.yardi.com\/blog\/rouge-routers\/","og_site_name":"Yardi Blog","article_published_time":"2017-01-05T13:00:26+00:00","article_modified_time":"2020-12-25T06:00:13+00:00","og_image":[{"width":1000,"height":667,"url":"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg","type":"image\/jpeg"}],"author":"Cutright Elizabeth","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Cutright Elizabeth","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.yardi.com\/blog\/rouge-routers\/","url":"https:\/\/www.yardi.com\/blog\/rouge-routers\/","name":"Rogue Routers - Yardi Corporate Blog","isPartOf":{"@id":"https:\/\/www.yardi.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.yardi.com\/blog\/rouge-routers\/#primaryimage"},"image":{"@id":"https:\/\/www.yardi.com\/blog\/rouge-routers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg","datePublished":"2017-01-05T13:00:26+00:00","dateModified":"2020-12-25T06:00:13+00:00","author":{"@id":"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/dba832121806bbec3d280d6cdde90b4d"},"description":"The smart home\u2019s weakest link may be that unassuming router tucked neatly next to your modem.","breadcrumb":{"@id":"https:\/\/www.yardi.com\/blog\/rouge-routers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.yardi.com\/blog\/rouge-routers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.yardi.com\/blog\/rouge-routers\/#primaryimage","url":"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg","contentUrl":"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg","width":1000,"height":667},{"@type":"BreadcrumbList","@id":"https:\/\/www.yardi.com\/blog\/rouge-routers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.yardi.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Rogue Routers"}]},{"@type":"WebSite","@id":"https:\/\/www.yardi.com\/blog\/#website","url":"https:\/\/www.yardi.com\/blog\/","name":"Yardi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.yardi.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/dba832121806bbec3d280d6cdde90b4d","name":"Cutright Elizabeth","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4016b5eabd512619820fc63946d01cd983acc211f98fbc559a890a5b4b27c559?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4016b5eabd512619820fc63946d01cd983acc211f98fbc559a890a5b4b27c559?s=96&d=mm&r=g","caption":"Cutright Elizabeth"},"description":"Elizabeth Cutright is an award-winning writer and editor with over 20 years of experience in journalism, publishing and online content creation. A film school grad with a law degree from the University of San Diego, outside of work Elizabeth can usually be found in the pool, on a hiking trail, or sampling Santa Barbara\u2019s latest vintage.","url":"https:\/\/www.yardi.com\/blog\/author\/elizabeth-cutright-2\/"}]}},"jetpack_featured_media_url":"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/12\/shutterstock_455827165.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/posts\/17004","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/users\/103"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/comments?post=17004"}],"version-history":[{"count":9,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/posts\/17004\/revisions"}],"predecessor-version":[{"id":27667,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/posts\/17004\/revisions\/27667"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/media\/17026"}],"wp:attachment":[{"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/media?parent=17004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/categories?post=17004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/tags?post=17004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}