An important detail to mention is that all of the routers involved were very old Ubiquiti EdgeRouters, which were EOL’d like a year or two ago, and they had remote administration enabled and were still using the default admin user and password.
I was running an EdgeRouter X until a few months ago. It was the cheapest setup to deploy a UniFi wireless access point for my apartment. I was worried until I read:
It affected routers running Ubiquiti’s EdgeOS, but only those that had not changed their default administrative password. Access to the routers allowed the hacking group to “conceal and otherwise enable a variety of crimes,” the DOJ claims, including spearphishing and credential harvesting in the US and abroad.
Change your default passwords, friends. Given that the EdgeRouter is not the most noob-friendly device to set up, I’m curious how the user base of these devices is not changing the PW.
DOJ should quietly remove US malware too
During the court-sanctioned intrusion, the DOJ “enabled temporary collection of non-content routing information” that would “expose GRU attempts to thwart the operation.” This did not “impact the routers’ normal functionality or collect legitimate user content information,” the DOJ claims.
I bet.
If they wanted to, absolutely they could. They didn’t though. Unless they thought you were a spy…
I think it’s best to only buy routers supporting OpenWrt in the first place and switch firmware to OpenWrt ASAP. OpenWrt or OPNsense or anything open source and well maintained will guarantee security updates years and years beyond the original manufacturer’s firmware.
Have you ever used an EdgeRouter?
No, but OpenWrt seems to be available for some of their models if that is your question.