{"id":11292,"date":"2017-09-06T06:55:31","date_gmt":"2017-09-06T06:55:31","guid":{"rendered":"https:\/\/www.schneier.com\/security_vulner_9\/"},"modified":"2020-01-29T08:02:26","modified_gmt":"2020-01-29T08:02:26","slug":"security_vulner_9","status":"publish","type":"post","link":"https:\/\/www.schneier.com\/blog\/archives\/2017\/09\/security_vulner_9.html","title":{"rendered":"Security Vulnerabilities in AT&T Routers"},"content":{"rendered":"<p>They&#8217;re actually Arris routers, sold or given away by AT&#038;T. There <a href=\"https:\/\/phys.org\/news\/2017-09-flaws-smart-home-products.html\">are<\/a> <a href=\"http:\/\/www.zdnet.com\/article\/flaws-in-att-routers-put-customers-at-risk\/\">several<\/a> <a href=\"https:\/\/www.tomsguide.com\/us\/arris-att-router-modem-flaws,news-25787.html\">security<\/a> <a href=\"http:\/\/securityaffairs.co\/wordpress\/62553\/hacking\/flaws-arris-modems-att.html\">vulnerabilities<\/a>, some of them very serious. They <a href=\"https:\/\/www.nomotion.net\/blog\/sharknatto\/\">can be fixed<\/a>, but because these are routers it takes some skill. We don&#8217;t know how many routers are affected, and estimates range from thousands to <a href=\"https:\/\/twitter.com\/0xDUDE\/status\/903139505603051520\">138,000<\/a>.<\/p>\n<blockquote><p>Among the vulnerabilities are hardcoded credentials, which can allow &#8220;root&#8221; remote access to an affected device, giving an attacker full control over the router. An attacker can connect to an affected router and log-in with a publicly-disclosed username and password, granting access to the modem&#8217;s menu-driven shell. An attacker can view and change the Wi-Fi router name and password, and alter the network&#8217;s setup, such as rerouting internet traffic to a malicious server.<\/p>\n<p>The shell also allows the attacker to control a module that&#8217;s <a href=\"http:\/\/www.zdnet.com\/article\/comcast-injects-copyright-warnings-into-your-browser\/\">dedicated to injecting advertisements<\/a> into unencrypted web traffic, a common tactic used by internet providers and <a href=\"http:\/\/www.zdnet.com\/article\/privacy-group-accuses-hotspot-shield-of-snooping-on-web-traffic\/\">other web companies<\/a>. Hutchins said that there was &#8220;no clear evidence&#8221; to suggest the module was running but noted that it was still vulnerable, allowing an attacker to inject their own money-making ad campaigns or malware.<\/p><\/blockquote>\n<p>I have written about router vulnerabilities, and why the economics of their production <a href=\"https:\/\/www.wired.com\/2014\/01\/theres-no-good-way-to-patch-the-internet-of-things-and-thats-a-huge-problem\/\">makes them inevitable<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"post-excerpt\"><p>They&#8217;re actually Arris routers, sold or given away by AT&#038;T. There <a href=\"https:\/\/phys.org\/news\/2017-09-flaws-smart-home-products.html\">are<\/a> <a href=\"http:\/\/www.zdnet.com\/article\/flaws-in-att-routers-put-customers-at-risk\/\">several<\/a> <a href=\"https:\/\/www.tomsguide.com\/us\/arris-att-router-modem-flaws,news-25787.html\">security<\/a> <a href=\"http:\/\/securityaffairs.co\/wordpress\/62553\/hacking\/flaws-arris-modems-att.html\">vulnerabilities<\/a>, some of them very serious. They <a href=\"https:\/\/www.nomotion.net\/blog\/sharknatto\/\">can be fixed<\/a>, but because these are routers it takes some skill. We don&#8217;t know how many routers are affected, and estimates range from thousands to <a href=\"https:\/\/twitter.com\/0xDUDE\/status\/903139505603051520\">138,000<\/a>.<\/p>\n<blockquote>\n<p>Among the vulnerabilities are hardcoded credentials, which can allow &#8220;root&#8221; remote access to an affected device, giving an attacker full control over the router. An attacker can connect to an affected router and log-in with a publicly-disclosed username and password, granting access to the modem&#8217;s menu-driven shell. An attacker can view and change the Wi-Fi router name and password, and alter the network&#8217;s setup, such as rerouting internet traffic to a malicious server&#8230;<\/p>\n<\/blockquote>\n<\/div><div class=\"readmore\"><a href=\"https:\/\/www.schneier.com\/blog\/archives\/2017\/09\/security_vulner_9.html\">Read More \u2192<\/a><\/div>","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"{title}\n\n{excerpt}\n\n{url}","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_wpas_customize_per_network":false,"jetpack_post_was_ever_published":false},"categories":[1],"tags":[496,149,474,142],"class_list":["post-11292","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-att","tag-encryption","tag-security-engineering","tag-vulnerabilities"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Security Vulnerabilities in AT&amp;T Routers - Schneier on Security<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.schneier.com\/blog\/archives\/2017\/09\/security_vulner_9.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security Vulnerabilities in AT&amp;T Routers - Schneier on Security\" \/>\n<meta property=\"og:description\" content=\"They&#8217;re actually Arris routers, sold or given away by AT&#038;T. There are several security vulnerabilities, some of them very serious. They can be fixed, but because these are routers it takes some skill. We don&#8217;t know how many routers are affected, and estimates range from thousands to 138,000. Among the vulnerabilities are hardcoded credentials, which can allow &#8220;root&#8221; remote access to an affected device, giving an attacker full control over the router. An attacker can connect to an affected router and log-in with a publicly-disclosed username and password, granting access to the modem&#8217;s menu-driven shell. An attacker can view and change the Wi-Fi router name and password, and alter the network&#8217;s setup, such as rerouting internet traffic to a malicious server...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.schneier.com\/blog\/archives\/2017\/09\/security_vulner_9.html\" \/>\n<meta property=\"og:site_name\" content=\"Schneier on Security\" \/>\n<meta property=\"article:published_time\" content=\"2017-09-06T06:55:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-01-29T08:02:26+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.schneier.com\\\/blog\\\/archives\\\/2017\\\/09\\\/security_vulner_9.html#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.schneier.com\\\/blog\\\/archives\\\/2017\\\/09\\\/security_vulner_9.html\"},\"author\":{\"name\":\"\",\"@id\":\"\"},\"headline\":\"Security Vulnerabilities in AT&T Routers\",\"datePublished\":\"2017-09-06T06:55:31+00:00\",\"dateModified\":\"2020-01-29T08:02:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.schneier.com\\\/blog\\\/archives\\\/2017\\\/09\\\/security_vulner_9.html\"},\"wordCount\":212,\"commentCount\":28,\"keywords\":[\"AT&amp;T\",\"encryption\",\"security engineering\",\"vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.schneier.com\\\/blog\\\/archives\\\/2017\\\/09\\\/security_vulner_9.html#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.schneier.com\\\/blog\\\/archives\\\/2017\\\/09\\\/security_vulner_9.html\",\"url\":\"https:\\\/\\\/www.schneier.com\\\/blog\\\/archives\\\/2017\\\/09\\\/security_vulner_9.html\",\"name\":\"Security Vulnerabilities in AT&amp;T Routers - Schneier on Security\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.schneier.com\\\/#website\"},\"datePublished\":\"2017-09-06T06:55:31+00:00\",\"dateModified\":\"2020-01-29T08:02:26+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.schneier.com\\\/blog\\\/archives\\\/2017\\\/09\\\/security_vulner_9.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.schneier.com\\\/blog\\\/archives\\\/2017\\\/09\\\/security_vulner_9.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.schneier.com\\\/blog\\\/archives\\\/2017\\\/09\\\/security_vulner_9.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.schneier.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security Vulnerabilities in AT&T Routers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.schneier.com\\\/#website\",\"url\":\"https:\\\/\\\/www.schneier.com\\\/\",\"name\":\"Schneier on Security\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.schneier.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security Vulnerabilities in AT&amp;T Routers - Schneier on Security","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.schneier.com\/blog\/archives\/2017\/09\/security_vulner_9.html","og_locale":"en_US","og_type":"article","og_title":"Security Vulnerabilities in AT&amp;T Routers - Schneier on Security","og_description":"They&#8217;re actually Arris routers, sold or given away by AT&#038;T. There are several security vulnerabilities, some of them very serious. They can be fixed, but because these are routers it takes some skill. We don&#8217;t know how many routers are affected, and estimates range from thousands to 138,000. Among the vulnerabilities are hardcoded credentials, which can allow &#8220;root&#8221; remote access to an affected device, giving an attacker full control over the router. An attacker can connect to an affected router and log-in with a publicly-disclosed username and password, granting access to the modem&#8217;s menu-driven shell. An attacker can view and change the Wi-Fi router name and password, and alter the network&#8217;s setup, such as rerouting internet traffic to a malicious server...","og_url":"https:\/\/www.schneier.com\/blog\/archives\/2017\/09\/security_vulner_9.html","og_site_name":"Schneier on Security","article_published_time":"2017-09-06T06:55:31+00:00","article_modified_time":"2020-01-29T08:02:26+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.schneier.com\/blog\/archives\/2017\/09\/security_vulner_9.html#article","isPartOf":{"@id":"https:\/\/www.schneier.com\/blog\/archives\/2017\/09\/security_vulner_9.html"},"author":{"name":"","@id":""},"headline":"Security Vulnerabilities in AT&T Routers","datePublished":"2017-09-06T06:55:31+00:00","dateModified":"2020-01-29T08:02:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.schneier.com\/blog\/archives\/2017\/09\/security_vulner_9.html"},"wordCount":212,"commentCount":28,"keywords":["AT&amp;T","encryption","security engineering","vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.schneier.com\/blog\/archives\/2017\/09\/security_vulner_9.html#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.schneier.com\/blog\/archives\/2017\/09\/security_vulner_9.html","url":"https:\/\/www.schneier.com\/blog\/archives\/2017\/09\/security_vulner_9.html","name":"Security Vulnerabilities in AT&amp;T Routers - Schneier on Security","isPartOf":{"@id":"https:\/\/www.schneier.com\/#website"},"datePublished":"2017-09-06T06:55:31+00:00","dateModified":"2020-01-29T08:02:26+00:00","author":{"@id":""},"breadcrumb":{"@id":"https:\/\/www.schneier.com\/blog\/archives\/2017\/09\/security_vulner_9.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.schneier.com\/blog\/archives\/2017\/09\/security_vulner_9.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.schneier.com\/blog\/archives\/2017\/09\/security_vulner_9.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.schneier.com\/"},{"@type":"ListItem","position":2,"name":"Security Vulnerabilities in AT&T Routers"}]},{"@type":"WebSite","@id":"https:\/\/www.schneier.com\/#website","url":"https:\/\/www.schneier.com\/","name":"Schneier on Security","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.schneier.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.schneier.com\/wp-json\/wp\/v2\/posts\/11292","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.schneier.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.schneier.com\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/www.schneier.com\/wp-json\/wp\/v2\/comments?post=11292"}],"version-history":[{"count":1,"href":"https:\/\/www.schneier.com\/wp-json\/wp\/v2\/posts\/11292\/revisions"}],"predecessor-version":[{"id":52547,"href":"https:\/\/www.schneier.com\/wp-json\/wp\/v2\/posts\/11292\/revisions\/52547"}],"wp:attachment":[{"href":"https:\/\/www.schneier.com\/wp-json\/wp\/v2\/media?parent=11292"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.schneier.com\/wp-json\/wp\/v2\/categories?post=11292"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.schneier.com\/wp-json\/wp\/v2\/tags?post=11292"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}