Most used routers aren't properly wiped before being resold
Corporations are doing a lousy job of scrubbing data from used hardwareBy Shawn Knight
Bottom line: The routine purchase of a few second-hand routers recently snowballed into a full-on investigation resulting in some troubling findings. ESET said the moral of the story is that any device leaving your possession or the possession of your company needs to be properly wiped, and that the process should be regularly audited and certified.
Researchers from cybersecurity firm ESET purchased a handful of used routers in order to set up a local test environment and were surprised to see that several of the devices had not been wiped. In disbelief, the firm shifted gears and bought additional hardware to see if their original findings were a fluke.
In total, researchers acquired 18 routers. One was dead on arrival and two were a mirrored pair, so they were treated as a single unit. Even still, the team found intact configuration details and data on 56 percent of the routers.
Unsecured data including customer information, application lists, router authentication keys and more were found on the devices, ESET said. In the wrong hands, the intelligence could provide a bad actor with a significant head start to launch a cyber attack.
ESET said one of the most concerning aspects of the investigation was the response from companies whose data was found on the hardware. While some were reportedly receptive to contact attempts, others flat out ignored multiple notification attempts. A few companies told ESET they had employed third party services to perform media sanitation on their discarded hardware, a job that clearly had not been performed to completion (or at all).
Wiping data from old hardware is one route but to take it a step further, it would probably be best to simply destroy used networking or storage equipment if you are dealing with highly sensitive data. Eating the cost to replace aging hardware would be far more palatable than having to deal with a data breach stemming from improperly wiped hardware. Old hardware is also great if you are into target practice, I've heard.
Image credit: Networking by Jarmoluk, Pins by Pixabay