Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I feel sorry for people whose routers aren't running OpenWRT, PFSense, or some other easily upgradable modern firmware that's free of backdoors.


Actually, I've been wondering lately, just how common are router compromises? I ask because I have a Synology unit that was infected with some pretty insidious malware just by being out on the open internet and having a slightly out-of-date OS version. Since it's now easily possible to scan the entire IPv4 address space, it makes me wonder if having out-of-date firmware would basically guarantee a hacked router these days.


If it is common, its likely those doing it want it to remain a secret... so not sure its possible to get a good estimate.


It's not fear of backdoors that make me run a specific router.

If I want free wifi access around the country (via BT Openzone) then I need to run BT's router (which includes the magic to run a separate managed public Wifi access point via BT Fon).

It's annoying, but I can live with it (especially when they get around to upgrading my cabinet to FTTC and I get 60Mbps/20Mbps).


I'm in the same situation, but my FON router sits behind my main router and isolated from my internal network. It still shares Internet access just fine :)


Are you on Infinity (FTTC)? I've heard various stories about people on FTTC getting slower speeds with anything other then the latest Homehub.


Oh, I'm not actually in the UK at all, I just meant I also need to keep a FON router connected.

In that case, I assume the best option would be to put a decent router behind the Homehub (configuring the latter in bridge mode or similar) and then treating all traffic beyond the inner router as public.


Unfortunately many (including mine) are not compatible


I'm using OpenWRT on my routerstation pro for my business connection, and an asus router with a TomatoUSB variant at home. Lots of options.


Funny enough, I put a lot of work into a OpenWRT dyndns update script. I wonder what ever happened to that code.


You know, because there can never be a backdoor or unknown security flaw in OpenWRT, PFSense or some other modern firmware.


Hey, great snarky reply.

Of course, in your haste to post a reddit-style sarcastic comment, you missed or glossed over the fact that free software such as OpenWRT or PFSense can be audited and patched by the public, and is not controlled by some corporation under undue influence by the NSA.

Oops! Better luck next time!


Sure the software can, theoretically be audited. But 1) Requires someone actually auditing software. Which judging by the state of OpenSSL flaws, we're doing a shit-tier job at. and 2) Requires people patching the "internet of things" cringe - which we've also seen isn't happening. Furthermore, most of the devices are dependent on closed source drivers for wireless devices.

And you're still just hoping the compromise isn't at the hardware level, because then you're truly up a creek.

Hell, we don't have access to the baseband software in our cellphones or the SIM chip, which can happily take control of the application processor and do what it needs to do, yet we all clamor around the fact that Android is Open and thusly Auditable and that makes it automatically superior in every way.

With enough eyes all bugs are shallow. But nobody's actually looking at the software, so bugs live on, and the big boogie man NSA can still be anywhere and everywhere.

There are Eyes In Your Radio. They're not going anywhere.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: