What level of importance did you all assign the recent news report requesting the public to reset...

[G+_Rud Dog]

What level of importance did you all assign the recent news report requesting the public to reset thier routers?

[G+_Paul Hutchinson]

High, and a simple reboot of router's and NAS's every once in while is a good idea anyway.

[G+_Rickbearcat]

Assigning it a "level of importance" means that you are taking the reports that the FBI wants you to believe, to be true. As you are relying on news outlets (such as TWiT) to provide you with true and accurate reporting.

 

In this case, I am not assigning any importance to the FBI wanting me to reset my router. Rather, I feel that resetting my router every once in a while is a good thing to do, regardless. As it can clear volatile memory and force an update if I need one.

[G+_Technical Terry]

For general public, I assign as high. Gives good awareness of possible security flaws. Hopefully they change password and update firmware.

 

For me, my routers manufacturers were not on the list, so I wasn’t too worried. But it did give me a reminder to check for firmware updates and then rebooted for good measure.

[G+_Vinny Trent]

I reboot my router every month, which is fortunate as I have a router on the list, does not take long 2-5 minutes (though my kids still moan about missing all the important stuff happening on YouTube, etc.)

[G+_Rud Dog]

Decided to factory reset my router and it did take 5 minutes or longer. Forgot I had reserved some addresses for cameras and other things but it is not that hard to do all over again. Google Wifi router and mesh units take a few more steps than the average routers but that's ok it is done now. Let's hope there won't be any rush'n in the near future.

[G+_Ben Reese]

I agree with everyone else. It's not a bad idea regardless and the general public is more likely to reboot their router than they would be to look up the model number, compare it to the list online, make a decision about rebooting based on what they find. It requires the least amount of effort and can't hurt.

[G+_Rud Dog]

Think I heard "reset" but could be wrong.

[G+_Technical Terry]

Rud Dog anything to overwrite the flash. So reset or update firmware should dislodge anything that was written in flash.

[G+_Paul Hutchinson]

Rud Dog Many news organizations called reboot via a power cycle a reset but AFAIK the FBI statement only asked people to do a simple power cycle reboot.

 

From what I've read nobody has yet definitively determined the exact entry method or how to get it completely out of the code space and prevent it from returning.

 

The FBI did confiscate the domain that the malware uses to phone home for updates and instructions. It has been determined that after a reboot two of the three stages of the infection get cleared and the device then phones home on boot. So the FBI plans on recording all the IP addresses that contract the confiscated domain, trace the IP to the physical device and then inform the owner of the infection.

 

It may take a complete re-flashing with brand new firmware to completely solve the issue. At this point where infection routes are uncertain the manufacturers don't know what to change so they have to wait to start working on updated firmware.

 

Some security experts I've read suggest a reset to factory defaults as something that may help. But since many systems would still have had mostly factory settings and the the malware got into them, I'm not sure why they think it would help. Some experts I read say that if somebody does a factory reset and leaves the dangerous settings at factory defaults they are likely more insecure against this malware.

 

At this point I think it will be found that the infection happens due to one or more of the usual suspects.

1. Leaving the admin password at the default.

2. Enabling remote administration.

3. Never updating the firmware.

 

Enabling or not disabling:

4. Universal Plug and Play.

5. Wi-Fi Protected Setup

6. Internet file or printer sharing

[G+_Mark Olson]

Thanks for reminding me!!! Even though I listen to Security Now I had forgotten there were recent firmware upgrades for most routers. Got mine all updated and reset last night.

[G+_Paul Hutchinson]

Just saw this weeks Security Now and still don't see any reason to reset the settings to factory default like some have recommended.

 

I did like Steve's suggestion that if there is no new firmware try to re-flash with the existing firmware, that makes sense.

 

Since I keep my trusty Netgear Nighthawk R7000 up to date I was going to try downloading the current firmware image and manually flashing which the web interface does allow. But to my surprise the Check for updates button said there was a new firmware version available today so I let it run. I went to see what was new in this version and to my surprise it was not a new version, Netgear re-flashed my router with the already installed firmware update from April 3rd.

 

At this point it still appears that all the devices that were taken over had old firmware with known already patched vulnerabilities so myself and rest of us KITA's were likely never in danger.

[G+_John Sullivan]

Leo Laporte was originally saying "reset", but he changed that recommendation to just reboot.

[G+_J. Peter Haliburton]

Paul Hutchinson I have the same router. Looks like I missed an update. Good now. Been throwing some GRC utilities at it to make sure there are no vulnerabilities.

[G+_Nolan T]

I have a Linksys router which hasn't been updated since I took it out of the box a couple years ago, so I did a full reset just to be safe(er).

Im thinking on going to Ubiquiti equipment soon and they update regularly.

[G+_Rud Dog]

After watching "The New ScreenSavers" it was clear the FBI located and shutdown the servers reinfecting the routers after resetting. Having done this a simple reboot according to Leo will eliminate the reinfection of your router.

Now it makes more sense.