Netgear router hacked

thecaretaker
Forum Administrator
Posts: 7608
Joined: 15th Jun 2001 at 1:00pm
22
Job Status: Retired Site Manager
Gender: Male
May 2022 10 03:57

Netgear router hacked

While on holiday, some toe rag hacked my router, changing the admin log-in and wireless SSIDs. I had to manually reset it and restore the settings from a backup. Seems many Netgear routers have a vulnerability where somebody can use the Circle Family Protection which, even if turned off, still runs in the background. Netgear has now fixed the issue with a firmware update.

It's a right kerfuffle to reset the settings and many people will think their router has died.

If you have a Netgear Nighthawk router (or any router make come to that), be sure to install the latest firmware to remain safe.

Vérité Sans Peur
(Truth Without Fear)
inspector
Forum Moderator
Posts: 1707
Joined: 15th Jun 2001 at 1:00pm
22
Job Status: Retired
Gender: Male
May 2022 10 10:19

Re: Netgear router hacked

I have a Nighthawk 7000, but it's in its box under the desk, been there for a few years now. I think the vulnerability fix has been available for a very long time now.
Drone
Registered Member
Posts: 5094
Joined: 11th Mar 2005 at 7:21pm
19
Job Status: Site Manager
May 2022 10 20:16

Re: Netgear router hacked

Some folk seem to have seriously empty lives.
thecaretaker
Forum Administrator
Posts: 7608
Joined: 15th Jun 2001 at 1:00pm
22
Job Status: Retired Site Manager
Gender: Male
May 2022 11 09:36

Re: Netgear router hacked

Drone wrote: 10th May 2022 at 8:16pm Some folk seem to have seriously empty lives.
First thing my Dad said when I told him... "WHY!".

Absolutely no point apart from making my life a bit harder. They didn't access the internet, my router blocks all new devices until I give them permission. They just managed to change the admin password and rename the wireless SSIDs.

I wouldn't know where to start by hacking a router using a vulnerability in the firmware. It seems they are constantly finding security issues with various Netgear routers. https://www.netgear.com/about/security/

This was reported on 18th November 2021 on Tom's Hardware and they are still fixing it. https://www.tomsguide.com/uk/news/netge ... ches-nov21

Vérité Sans Peur
(Truth Without Fear)
thecaretaker
Forum Administrator
Posts: 7608
Joined: 15th Jun 2001 at 1:00pm
22
Job Status: Retired Site Manager
Gender: Male
Jun 2022 25 14:59

Re: Netgear router hacked

UPDATE

I've been hacked again. I've spent a long while trying to work out how they did it. They reset my second Netgear Nighthawk router which I have working in AP mode.

It recorded the MAC Addresses of the hacker and they used a Sky router to hack mine. I'm thinking this might be a neighbour doing this.

The only possible way into my router that I can see is by using the Wi-Fi Protected Setup (WPS) pin code they previously used. I admit I used to have this second router open using the main router to block any new connections. But as they didn't get access to my main router, they did have the WPS pin from the method they used to hack the WPS first time round.

I updated the firmware and locked the router down to also block any new connections. The WPS pin code option was already disabled, but if they managed to bypass it last time, what I didn't think about was that the router remembers a WPS pin code so a user doesn't have to enter it each time they connect.

Since I have never used the WPS pin code method to connect any device to my router, I really don't want any pins to be remembered by the router.

So, by unticking these boxes (see image), it tells the router not to remember any WPS PIN codes.

If you try this, any device that connected to your router by using the PIN Code will not be able to automatically connect. This does not affect manual connections using the SSID and password method.

To be frank, the WPS is often used by owners who don't understand much about router security and in itself, is a security risk. The annoying thing, although you disable the pin option, the physical button to enable WPS on the router still works and can't be disabled. The router also generates new PIN Codes if the tick box is unticked but it doesn't use them. It would be better/safer if Netgear (and other manufacturers) disabled the entire WPS feature.

For your own security, at least, disable the WPS option on any make of router to remain safe. Untick the Enable Routers PIN (or tick it if it says Disable Routers PIN on your router).

Screenshot 2022-06-25 143512.png

Anyway, the router is back up and running again. Let's see how long it takes the toerags to find another loophole.

https://kb.netgear.com/19824/How-does-m ... ce-attacks

Also see: https://kb.netgear.com/24103/How-do-I-s ... awk-router

Vérité Sans Peur
(Truth Without Fear)
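
Added example (not part of the original thread): a check that your own router has actually stopped offering WPS PIN setup after the change described in the post above. It assumes the text layout printed by `iw dev <iface> scan` on Linux; the scan text, BSSIDs and SSIDs below are constructed sample data.

```python
import re

# Constructed sample in the layout printed by `iw dev wlan0 scan` (not a real capture).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
\tSSID: home-main
\tRSN:\t * Version: 1
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * AP setup locked: 0x01
BSS 02:00:00:00:00:02(on wlan0)
\tSSID: home-ap
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
BSS 02:00:00:00:00:03(on wlan0)
\tSSID: other-network
\tRSN:\t * Version: 1
"""

BSS_RE = re.compile(r"^BSS ([0-9a-f:]{17})", re.I)

def parse_scan(text):
    """Return one dict per access point found in the scan text."""
    aps, cur = [], None
    for line in text.splitlines():
        m = BSS_RE.match(line)
        if m:
            cur = {"bssid": m.group(1).lower(), "ssid": "", "wps": False, "locked": False}
            aps.append(cur)
            continue
        if cur is None:
            continue
        field = line.strip()
        if field.startswith("SSID:"):
            cur["ssid"] = field[5:].strip()
        elif field.startswith("WPS:"):
            cur["wps"] = True            # WPS element present in the beacon
        elif "AP setup locked:" in field:
            cur["locked"] = int(field.rsplit(":", 1)[1], 16) != 0
    return aps

def audit(text, my_ssids):
    """Map each of your own SSIDs to 'off', 'pin-locked' or 'advertised'."""
    result = {}
    for ap in parse_scan(text):
        if ap["ssid"] in my_ssids:
            status = "off" if not ap["wps"] else ("pin-locked" if ap["locked"] else "advertised")
            result[ap["ssid"]] = status
    return result

if __name__ == "__main__":
    print(audit(SAMPLE_SCAN, {"home-main", "home-ap"}))
```

'pin-locked' means the access point reports that it refuses PIN setup from an external registrar; 'advertised' means WPS is still being offered and the router setting should be rechecked.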
thecaretaker
Forum Administrator
Posts: 7608
Joined: 15th Jun 2001 at 1:00pm
22
Job Status: Retired Site Manager
Gender: Male
Jun 2022 25 15:32

Re: Netgear router hacked

And the tools to do a WPS brute force attack, with instructions, are available on the internet... Something to do with Pixies.

https://miloserdov.org/?p=403

Vérité Sans Peur
(Truth Without Fear)