Friday, May 29, 2015

Another WIFI Router Exploit Has Been Exposed - Is Your Home Router Safe?

Home WIFI routers are powerful little devices. Unfortunately, as we have said before, they have become commodities. Although cheap and generally ignored, they are the first line of protection between you and the Internet Frontier. Most folks just plug them in and walk away. The manufacturers rarely bother updating the firmware and they gradually become a security nightmare.

Every few months we hear about a new exploit. Well, we have another one that compromises NetUSB. This security flaw affects a wide range of different routers from a number of different manufacturers. It could allow attackers to remotely execute malicious code that compromises connected devices on your network.

Essentially, NetUSB allows any USB device plugged directly into a router to be available to other devices. So that could be a printer, external hard drive, USB storage key, etc. In order for Windows & Mac machines to access the devices plugged into a router, there’s a client-side driver for USB running over IP.

First, your router must have a USB port in order to be compromised. Many older routers didn't include a USB interface for sharing. If your router does have a USB port, disconnecting the device from the port does not ameliorate the issue. So, what can you do? The biggest concern would be a remote attack from the Internet. NetUSB uses port 20005. Is port 20005 open to the Internet on your router? Here's the test.

  1. Thanks to Steve Gibson you can scan your router to check this port. If it reports back as Stealth - you are fine. This indicates that you are not exposed from the Internet. You could still have an issue "inside" your local area network, so you may want to continue with steps 2 and 3 below. If the scan does not indicate Stealth, you definitely should continue the steps below. Go here to run the scan.
  2. Check to see if your manufacturer has a firmware update for this problem, as well as other security issues.
  3. Look in the Administrative Web Interface to see if you can turn off sharing on the USB port. Some routers do provide a toggle to shut this down.
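Step 1 only tests the Internet side. To check the "inside" of your own network, the added example below (not part of the original post) tries TCP port 20005 on your router's LAN address and reports one of three states. The state names and the advice strings are this example's own; pass the router address you normally use for the admin page.

```python
import errno
import socket
import sys

NETUSB_PORT = 20005  # TCP port the article says NetUSB uses


def classify_port(host, port=NETUSB_PORT, timeout=3.0):
    """Return 'open', 'closed' or 'stealth' for one TCP port.

    open    - the handshake completed, something is listening
    closed  - the host actively refused the connection (TCP reset)
    stealth - nothing answered before the timeout (filtered or unreachable)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError as exc:
        # No route to the host: nothing answered, so count it as no response.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "stealth"
        raise
    finally:
        sock.close()


# Wording below is this example's own, based on steps 2 and 3 of the article.
ADVICE = {
    "open": "NetUSB is reachable from this network: look for a firmware "
            "update or a USB-sharing toggle in the admin interface.",
    "closed": "The router answered, but nothing is listening on the port.",
    "stealth": "No response on the port from this network.",
}


def report(host, port=NETUSB_PORT, timeout=3.0):
    state = classify_port(host, port, timeout)
    return f"{host}:{port} is {state}. {ADVICE[state]}"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python netusb_check.py <router LAN address>")
    print(report(sys.argv[1]))
```

A result of "open" from inside the network does not mean the port is exposed to the Internet; that is what the scan in step 1 checks.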

If you are unable to correct the issue you will have to wait for the manufacturer to update the firmware or purchase a new router. If the port probe does indicate Stealth - I would be far less concerned, and simply wait for the update.

Home router exploits have become a major problem in the last few years. Check often for firmware updates and retire those older routers every few years.