jebt2921 Posted December 23, 2022

Anyone have information on what this cybersecurity incident is about?

Sent from my iPhone using Tapatalk
Andrew luecke Posted December 23, 2022

They posted information to: https://tech.control4.com/s/article/Pakedge-Router-Security-Incident-DEC-22, Facebook and the dealer forums (also, keep in mind, C4 Forums is a community forum and isn't run by SnapAV. And your best source of information might be your dealer, as they know your exact circumstances).

So, firstly, keep in mind, I don't work for Snap (so this isn't an official summary, and it could be wrong). But my understanding is:

Affecting Pakedge RK-1 and RT-3100 routers, an external botnet was used to target and attack a vulnerability in the remote support features present on a subset of Pakedge routers beginning on December 18, 2022. (SnapAV wrote this summary; the rest is mine.)

- If Remote Support was enabled, in some cases a botnet compromised the unit via the port and ran on the router.
- No evidence of data being compromised in any capacity, and no evidence of further attacks on the network from the compromised router. Script kiddies generally use botnets to show other 10 year olds they can DDoS and flood other websites offline, and be l33t and take over Gibson mainframes.
- Remote support by default is off on firmware 2.00.1, and 1.08.04 or lower is secure regardless.
- As of 10PM EST Dec 21st, 98% of AFFECTED sites with the vulnerability were already patched by Snap. By now, that number would be much higher.
- These days, most installers probably use OvrC for remote access instead, which is recommended.
- You can turn off WAN Access and Support access to also patch the bug (but if remote access is needed, it should be added to OvrC first and tested properly).
- If it shows disconnected in OvrC, you might still be affected and it could be worthwhile contacting your installer (but at this point in time, the problem has likely already been fixed on your router).

Just to stress, apparently it doesn't look like any customer data was actually compromised, and there is no evidence that further attacks were launched from the routers against users' networks. And only routers with WAN access or support access enabled were affected at all (and they needed to be running a new enough version). Snap has already rolled out a security fix too which, from my understanding, removes the trojan.