VPNFilter router malware is worse than first thought, affects more devices

midian182

Posts: 6,076   +50
Staff member

We already knew that the malware, which is said to originate in Russia, can collect data, infect other devices, steal credentials, and even destroy a device by overwriting a critical portion of its firmware. Cisco Talos has now discovered a new stage 3 module that can bypass SSL encryption by intercepting outgoing web requests and turning them into non-encrypted HTTP, helping it to steal sensitive data.

Additionally, the new module can use man-in-the-middle attacks to inject malicious content into web traffic. Another newly discovered feature is the malware’s ability to infect other devices, including PCs on the same local network.

It appears that more routers are affected than previously thought, too. A handful of devices from Linksys, MikroTik, Netgear, QNAP, and TP-Link were originally said to be the only ones vulnerable, but it seems more models from these brands, along with routers from Asus, D-Link, Huawei, Ubiquiti, Upvel and ZTE, are also at risk. You can see the full list at the bottom of this page.

While VPNFilter is mostly targeting routers in Ukraine, suggesting a political motivation, it's strongly recommended that all owners of the affected routers update their firmware or perform a factory reset.

Permalink to story.

 

Gabriel Pike

Posts: 237   +61
Keep your firmware updated! In many cases this vulnerability was discovered last year and all it takes is a firmware update to fix the flaw.
 

roberthi

Posts: 456   +139
Keep your firmware updated! In many cases this vulnerability was discovered last year and all it takes is a firmware update to fix the flaw.
If so, it wouldn't have been an issue in the first place. Do you really think that a firmware update is going to fix things, when companies let this crap out the door? If you're always in catch and fix mode, there's little point to bothering.
 

Gabriel Pike

Posts: 237   +61
If so, it wouldn't have been an issue in the first place. Do you really think that a firmware update is going to fix things, when companies let this crap out the door? If you're always in catch and fix mode, there's little point to bothering.
Updating your equipment is not optional it is mandatory. It is impossible to see all potential future flaws to hardware or software when the methods of attack have not yet been developed. Why do you think computer OS updates happen all of the time?
 

jobeard

Posts: 13,973   +1,778
There is an engineering process called "Code Review" wherein every line of code is examined by team members, analyzed and edited as necessary for standards, style and security compliance. It's easily seen that reading is so time consuming that everyone and his dog will get to market before your "perfected code" ever sees daylight. Therefore, commercial code (as apposed to military/life support) rarely uses code reviews today.

It's also well established after decades of development, that you can NOT test quality into a product - - it comes from great design and standards.

Ergo: Bugs will always exist and must be resolved :sigh:
 
  • Like
Reactions: Gabriel Pike