Buying a “Used” Router
I am buying a "new" router from an open-box sale at a company that liquidates eCommerce returns. I plan to use it for a home network at a cottage.
I'm a bit nervous that it could have been modified by whoever had it last.
- What are the main risks in this scenario?
- What specific steps should one take before and during setup of a new router that someone else may have had access to in the past?
router
asked 5 hours ago by GWR
5 Answers
Short answer: do a factory reset, update the firmware, and you are good to go.
The risk is very low, bordering zero. The previous owner may have installed a custom firmware or changed its configuration, but a firmware upgrade and factory reset is enough to take care of almost every change.
The risk that the previous owner tampered with the router and his changes can survive even a firmware upgrade and factory reset is negligible.
So, don't worry, unless you are a person of special interest: working on top-secret stuff or have privileged financial information on a big enterprise. But as you are buying a used router, I bet you are a common guy and would not be a target for those attacks.
answered 5 hours ago (edited 2 hours ago) by ThoriumBR
Wouldn't most people on stackoverflow/serverfault be persons of interest? They make software that gets deployed in lots of places, or manage systems for corporations. Even so, I agree with your answer in that "the risk is very low, bordering on zero", but the "person of special interest" category is broader than people often realize. Intelligence agencies are known to target sysadmins in particular. As a security consultant who knows of vulnerabilities before they are fixed, I can imagine what interest I might attract, and boy do I feel ordinary compared to the interesting people on this site.
– Luc
1 hour ago
4
The Evil Organization would have to predict when I am going to buy a router, predict which make/model I will buy, where I will buy, go there before, buy all the routers on the place, put a backdoor on each one, return every one, and wait for me to buy the compromised router. I don't think it is plausible...
– ThoriumBR
1 hour ago
1
Possible, yes, but so improbable that it can be dismissed. It's orders of magnitude easier to just exploit a zero-day on the router I currently have...
– ThoriumBR
1 hour ago
@.ThoriumBR You are right. I didn't think through how much work it would be: even if we are generally interesting targets, this doesn't scale.
– Luc
1 hour ago
The main risk is that the firmware has been replaced by a malicious version, which could make it possible to intercept all the traffic on your network. Passwords, injecting malware, redirecting you to malicious sites, etc. That's a worst-case scenario but easy for someone to do.
You want to factory reset the device to try to clear out anything that the previous owner may have set up in the factory firmware.
But more importantly, you want to see if the firmware has been changed by looking to see if the case has been opened or tampered with and to see if the operating system of the router has changed. But that might not be enough. It is easy to simulate the OS and website on a router.
Something that you could do is to replace the firmware with one of your own. That should wipe out any malicious firmware on the device. There is open-source after-market firmware you can use.
answered 5 hours ago by schroeder♦
1
What about downloading a new firmware from the router's support site (rather than openWRT)?
– dandavis
5 hours ago
3
If there is one available from the router's manufacturer, it should be the preferred one!
– CyberDude
4 hours ago
1
Sure, if available.
– schroeder♦
4 hours ago
Given how common authenticated command injection / code execution (e.g. via firmware update, or just bad coding) attacks are in routers, I'm not sure if checking for hardware tampering is enough. And if an attacker has tampered with the firmware, they should be able to fake any firmware update, or place a backdoor in any newly installed firmware. For an update via web interface of the router, this should be trivial; for an update via serial interface or firmware reset, probably a bit more difficult (though I'm not sure how much more; if you could add more info about this, that would be great).
– tim
2 hours ago
By far, your main risk in buying an "open box" router is that the router has some subtle damage that the manufacturer didn't detect but that will ultimately reduce the lifespan of the device. That's one reason why they often have reduced warranties.
Security-wise, the risk is negligible if you do a factory reset and re-flash the firmware. That should re-write everything in programmable memory and erase anything malicious that a previous user might have loaded. In fact, this is a best practice even for new routers. I've bought new routers multiple times only to learn that they were still programmed for what was clearly a test network at the factory.
Persistent malware is a real thing, but it's not something to worry too much about. After all, a "brand new" router could have had persistent malware loaded at the factory, so this isn't a risk you can completely mitigate.
Technically there is a risk that the previous owner has installed custom modified firmware with a backdoor.
It is unlikely that the average person has installed custom firmware. Most people don't care about their routers and rarely update them, let alone upgrade them with custom firmware. IF custom firmware was installed it is most likely something benign like DD-WRT, OpenWRT or similar.
And even if they did install custom firmware, it is easily erased with a factory reset or by installing custom firmware of your own. Download the newest firmware package from the manufacturer and flash to the router before plugging the router into either the internet or your local network.
I am splitting this answer because this second case does not apply to the overwhelming majority of people.
Unless you are a UN Peacekeeper, Top Secret Government Agent, Elite Hacker under investigation, CEO of a major corporation, or otherwise have important information or many well funded enemies, stop reading now.
It is technically possible, but incredibly unlikely, that there is a threat on that router that a factory reset/reflash will not remove. This is incredibly unlikely unless you are a high value target. The overwhelming majority of people should not be concerned about this case.
If someone wants to target you, there are many better and cheaper ways to target you than discovering a new vulnerability in that router or building a fake router to trick you.
If you are worried about this incredibly unlikely scenario, then your safest bet is to buy new hardware directly from the factory.
1
FYI, after reading your answer, my takeaway is that ThoriumBR said the same thing more concisely two hours before you (and you also use bold/italics a lot: if almost every paragraph has highlighting, and it's just one or a few words so you need to read the context around it, then nothing is highlighted).
– Luc
1 hour ago
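The advice above to download the manufacturer's firmware and flash it before connecting the router can be paired with an integrity check of the downloaded image. This is an added example, not part of any answer on this page: it assumes the vendor publishes a SHA-256 listing in `sha256sum` format, and the file names and image contents are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import re
import tempfile

# One line of a sha256sum-style listing: 64 hex digits, whitespace,
# an optional "*" (binary-mode marker), then the file name.
_LISTING_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+?)\s*$")


def parse_checksum_listing(text):
    """Map file name -> lowercase SHA-256 hex digest; skip non-matching lines."""
    digests = {}
    for line in text.splitlines():
        match = _LISTING_LINE.match(line.strip())
        if match:
            digests[os.path.basename(match.group(2))] = match.group(1).lower()
    return digests


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_firmware(image_path, listing_text):
    """Return (ok, reason). Fails closed when no digest is listed for the file."""
    published = parse_checksum_listing(listing_text)
    expected = published.get(os.path.basename(image_path))
    if expected is None:
        return False, "no checksum published for this file name"
    actual = sha256_of_file(image_path)
    if not hmac.compare_digest(actual, expected):
        return False, "digest mismatch: got " + actual
    return True, "digest matches published value"


def demo():
    """Run the check on constructed files: intact, altered, and unlisted."""
    with tempfile.TemporaryDirectory() as workdir:
        image = os.path.join(workdir, "router-fw-1.0.bin")  # hypothetical name
        with open(image, "wb") as handle:
            handle.write(b"CONSTRUCTED FIRMWARE IMAGE" * 1000)

        # Stand-in for the vendor's published listing (constructed here).
        listing = "# constructed listing\n{} *router-fw-1.0.bin\n".format(
            sha256_of_file(image).upper()
        )
        intact = verify_firmware(image, listing)

        # Change a single byte, as a corrupted or altered download would.
        with open(image, "r+b") as handle:
            handle.seek(10)
            handle.write(b"X")
        altered = verify_firmware(image, listing)

        # A file the listing does not mention must not be accepted.
        unlisted_path = os.path.join(workdir, "other-model.bin")
        with open(unlisted_path, "wb") as handle:
            handle.write(b"x")
        unlisted = verify_firmware(unlisted_path, listing)
    return intact, altered, unlisted


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A matching digest only shows that the file is the one the vendor published; it says nothing about whether the router's existing firmware installs it faithfully, which is the concern raised in tim's comment.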
Depends how paranoid you are willing to go. You'll be running unknown software on unknown hardware.
1) What are the main risks in this scenario?
Backdoored software, tampered hardware.
2) You can try to install your own software, but I'm not sure how deep you have to go to verify the hardware.
4
"You'll be running unknown software on unknown hardware" = Pretty much every piece of hardware we use lol
– ingroxd
2 hours ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f203859%2fbuying-a-used-router%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
Short answer: do a factory reset, update the firmware, and you are good to go.
The risk is very low, bordering zero. The previous owner may have installed a custom firmware or changed its configuration, but a firmware upgrade and factory reset is enough to take care of almost every change.
The risk that the previous owner tampered with the router and his changes can survive even a firmware upgrade and factory reset is negligible.
So, don't worry, unless you are a person of special interest: working on top-secret stuff or have privileged financial information on a big enterprise. But as you are buying a used router, I bet you are a common guy and would not be a target for those attacks.
Wouldn't most people on stackoverflow/serverfault be persons of interest? They make software that gets deployed in lots of places, or manage systems for corporations. Even so, I agree with your answer in that "the risk is very low, bordering on zero", but the "person of special interest" category is broader than people often realize. Intelligence agencies are known to target sysadmins in particular. As a security consultant who knows of vulnerabilities before they are fixed, I can imagine what interest I might attract, and boy do I feel ordinary compared to the interesting people on this site.
– Luc
1 hour ago
4
The Evil Organization would have to predict when I am going to buy a router, predict which make/model I will buy, where I will buy, go there before, buy all the routers on the place, put a backdoor on each one, return every one, and wait for me to buy the compromised router. I don't think is plausible...
– ThoriumBR
1 hour ago
1
Possible, yes, but so improbable that can be dismissed. It's orders of magnitude easier to just exploit a zero-day on the router I currently have...
– ThoriumBR
1 hour ago
@.ThoriumBR You are right. I didn't think through how much work it would be: even if we are generally interesting targets, this doesn't scale.
– Luc
1 hour ago
add a comment |
Short answer: do a factory reset, update the firmware, and you are good to go.
The risk is very low, bordering zero. The previous owner may have installed a custom firmware or changed its configuration, but a firmware upgrade and factory reset is enough to take care of almost every change.
The risk that the previous owner tampered with the router and his changes can survive even a firmware upgrade and factory reset is negligible.
So, don't worry, unless you are a person of special interest: working on top-secret stuff or have privileged financial information on a big enterprise. But as you are buying a used router, I bet you are a common guy and would not be a target for those attacks.
Wouldn't most people on stackoverflow/serverfault be persons of interest? They make software that gets deployed in lots of places, or manage systems for corporations. Even so, I agree with your answer in that "the risk is very low, bordering on zero", but the "person of special interest" category is broader than people often realize. Intelligence agencies are known to target sysadmins in particular. As a security consultant who knows of vulnerabilities before they are fixed, I can imagine what interest I might attract, and boy do I feel ordinary compared to the interesting people on this site.
– Luc
1 hour ago
4
The Evil Organization would have to predict when I am going to buy a router, predict which make/model I will buy, where I will buy, go there before, buy all the routers on the place, put a backdoor on each one, return every one, and wait for me to buy the compromised router. I don't think is plausible...
– ThoriumBR
1 hour ago
1
Possible, yes, but so improbable that can be dismissed. It's orders of magnitude easier to just exploit a zero-day on the router I currently have...
– ThoriumBR
1 hour ago
@.ThoriumBR You are right. I didn't think through how much work it would be: even if we are generally interesting targets, this doesn't scale.
– Luc
1 hour ago
add a comment |
Short answer: do a factory reset, update the firmware, and you are good to go.
The risk is very low, bordering zero. The previous owner may have installed a custom firmware or changed its configuration, but a firmware upgrade and factory reset is enough to take care of almost every change.
The risk that the previous owner tampered with the router and his changes can survive even a firmware upgrade and factory reset is negligible.
So, don't worry, unless you are a person of special interest: working on top-secret stuff or have privileged financial information on a big enterprise. But as you are buying a used router, I bet you are a common guy and would not be a target for those attacks.
Short answer: do a factory reset, update the firmware, and you are good to go.
The risk is very low, bordering zero. The previous owner may have installed a custom firmware or changed its configuration, but a firmware upgrade and factory reset is enough to take care of almost every change.
The risk that the previous owner tampered with the router and his changes can survive even a firmware upgrade and factory reset is negligible.
So, don't worry, unless you are a person of special interest: working on top-secret stuff or have privileged financial information on a big enterprise. But as you are buying a used router, I bet you are a common guy and would not be a target for those attacks.
edited 2 hours ago
answered 5 hours ago
ThoriumBRThoriumBR
22.2k65470
22.2k65470
Wouldn't most people on stackoverflow/serverfault be persons of interest? They make software that gets deployed in lots of places, or manage systems for corporations. Even so, I agree with your answer in that "the risk is very low, bordering on zero", but the "person of special interest" category is broader than people often realize. Intelligence agencies are known to target sysadmins in particular. As a security consultant who knows of vulnerabilities before they are fixed, I can imagine what interest I might attract, and boy do I feel ordinary compared to the interesting people on this site.
– Luc
1 hour ago
4
The Evil Organization would have to predict when I am going to buy a router, predict which make/model I will buy, where I will buy, go there before, buy all the routers on the place, put a backdoor on each one, return every one, and wait for me to buy the compromised router. I don't think is plausible...
– ThoriumBR
1 hour ago
1
Possible, yes, but so improbable that can be dismissed. It's orders of magnitude easier to just exploit a zero-day on the router I currently have...
– ThoriumBR
1 hour ago
@.ThoriumBR You are right. I didn't think through how much work it would be: even if we are generally interesting targets, this doesn't scale.
– Luc
1 hour ago
add a comment |
Wouldn't most people on stackoverflow/serverfault be persons of interest? They make software that gets deployed in lots of places, or manage systems for corporations. Even so, I agree with your answer in that "the risk is very low, bordering on zero", but the "person of special interest" category is broader than people often realize. Intelligence agencies are known to target sysadmins in particular. As a security consultant who knows of vulnerabilities before they are fixed, I can imagine what interest I might attract, and boy do I feel ordinary compared to the interesting people on this site.
– Luc
1 hour ago
4
The Evil Organization would have to predict when I am going to buy a router, predict which make/model I will buy, where I will buy, go there before, buy all the routers on the place, put a backdoor on each one, return every one, and wait for me to buy the compromised router. I don't think is plausible...
– ThoriumBR
1 hour ago
1
Possible, yes, but so improbable that can be dismissed. It's orders of magnitude easier to just exploit a zero-day on the router I currently have...
– ThoriumBR
1 hour ago
@.ThoriumBR You are right. I didn't think through how much work it would be: even if we are generally interesting targets, this doesn't scale.
– Luc
1 hour ago
Wouldn't most people on stackoverflow/serverfault be persons of interest? They make software that gets deployed in lots of places, or manage systems for corporations. Even so, I agree with your answer in that "the risk is very low, bordering on zero", but the "person of special interest" category is broader than people often realize. Intelligence agencies are known to target sysadmins in particular. As a security consultant who knows of vulnerabilities before they are fixed, I can imagine what interest I might attract, and boy do I feel ordinary compared to the interesting people on this site.
– Luc
1 hour ago
Wouldn't most people on stackoverflow/serverfault be persons of interest? They make software that gets deployed in lots of places, or manage systems for corporations. Even so, I agree with your answer in that "the risk is very low, bordering on zero", but the "person of special interest" category is broader than people often realize. Intelligence agencies are known to target sysadmins in particular. As a security consultant who knows of vulnerabilities before they are fixed, I can imagine what interest I might attract, and boy do I feel ordinary compared to the interesting people on this site.
– Luc
1 hour ago
4
4
The Evil Organization would have to predict when I am going to buy a router, predict which make/model I will buy, where I will buy, go there before, buy all the routers on the place, put a backdoor on each one, return every one, and wait for me to buy the compromised router. I don't think is plausible...
– ThoriumBR
1 hour ago
The Evil Organization would have to predict when I am going to buy a router, predict which make/model I will buy, where I will buy, go there before, buy all the routers on the place, put a backdoor on each one, return every one, and wait for me to buy the compromised router. I don't think is plausible...
– ThoriumBR
1 hour ago
1
1
Possible, yes, but so improbable that can be dismissed. It's orders of magnitude easier to just exploit a zero-day on the router I currently have...
– ThoriumBR
1 hour ago
Possible, yes, but so improbable that can be dismissed. It's orders of magnitude easier to just exploit a zero-day on the router I currently have...
– ThoriumBR
1 hour ago
@.ThoriumBR You are right. I didn't think through how much work it would be: even if we are generally interesting targets, this doesn't scale.
– Luc
1 hour ago
@.ThoriumBR You are right. I didn't think through how much work it would be: even if we are generally interesting targets, this doesn't scale.
– Luc
1 hour ago
add a comment |
The main risk is that the firmware has been replaced by a malicious version, which could make it possible to intercept all the traffic on your network. Passwords, injecting malware, redirecting you to malicious sites, etc. That's a worst-case scenario but easy for someone to do.
You want to factory reset the device to try to clear out anything that the previous owner may have set up in the factory firmware.
But more importantly, you want to see if the firmware has been changed by looking to see if the case has been opened or tampered with and to see if the operating system of the router has changed. But that might not be enough. It is easy to simulate the OS and website on a router.
Something that you could do is to replace the firmware with one of your own. That should wipe out any malicious firmware on the device. There are open-source after-market firmware you can use.
1
what about downloading a new firmware from the router's support site (rather than openWRT)?
– dandavis
5 hours ago
3
If there is one available from the router's manufacturer, it should be the preferred one!
– CyberDude
4 hours ago
1
Sure, if available.
– schroeder♦
4 hours ago
Given how common authenticated command injection / code execution (eg via firmware update, or just bad coding) attacks are in routers, I'm not sure if checking for hardware tampering is enough. And if an attacker has tampered with the firmware, they should be able to fake any firmware update, or place a backdoor in any newly installed firmware. For an update via web interface of the router, this should be trivial, for an update via serial interface or firmware reset probably a bit more difficult (though I'm not sure how much more; if you could add more info about this, that would be great).
– tim
2 hours ago
add a comment |
The main risk is that the firmware has been replaced by a malicious version, which could make it possible to intercept all the traffic on your network. Passwords, injecting malware, redirecting you to malicious sites, etc. That's a worst-case scenario but easy for someone to do.
You want to factory reset the device to try to clear out anything that the previous owner may have set up in the factory firmware.
But more importantly, you want to see if the firmware has been changed by looking to see if the case has been opened or tampered with and to see if the operating system of the router has changed. But that might not be enough. It is easy to simulate the OS and website on a router.
Something that you could do is to replace the firmware with one of your own. That should wipe out any malicious firmware on the device. There are open-source after-market firmware you can use.
1
what about downloading a new firmware from the router's support site (rather than openWRT)?
– dandavis
5 hours ago
3
If there is one available from the router's manufacturer, it should be the preferred one!
– CyberDude
4 hours ago
1
Sure, if available.
– schroeder♦
4 hours ago
Given how common authenticated command injection / code execution (eg via firmware update, or just bad coding) attacks are in routers, I'm not sure if checking for hardware tampering is enough. And if an attacker has tampered with the firmware, they should be able to fake any firmware update, or place a backdoor in any newly installed firmware. For an update via web interface of the router, this should be trivial, for an update via serial interface or firmware reset probably a bit more difficult (though I'm not sure how much more; if you could add more info about this, that would be great).
– tim
2 hours ago
add a comment |
The main risk is that the firmware has been replaced by a malicious version, which could make it possible to intercept all the traffic on your network. Passwords, injecting malware, redirecting you to malicious sites, etc. That's a worst-case scenario but easy for someone to do.
You want to factory reset the device to try to clear out anything that the previous owner may have set up in the factory firmware.
But more importantly, you want to see if the firmware has been changed by looking to see if the case has been opened or tampered with and to see if the operating system of the router has changed. But that might not be enough. It is easy to simulate the OS and website on a router.
Something that you could do is to replace the firmware with one of your own. That should wipe out any malicious firmware on the device. There are open-source after-market firmware you can use.
The main risk is that the firmware has been replaced by a malicious version, which could make it possible to intercept all the traffic on your network. Passwords, injecting malware, redirecting you to malicious sites, etc. That's a worst-case scenario but easy for someone to do.
You want to factory reset the device to try to clear out anything that the previous owner may have set up in the factory firmware.
But more importantly, you want to see if the firmware has been changed by looking to see if the case has been opened or tampered with and to see if the operating system of the router has changed. But that might not be enough. It is easy to simulate the OS and website on a router.
Something that you could do is to replace the firmware with one of your own. That should wipe out any malicious firmware on the device. There are open-source after-market firmware you can use.
answered 5 hours ago
schroeder♦schroeder
76k29168202
76k29168202
1
what about downloading a new firmware from the router's support site (rather than openWRT)?
– dandavis
5 hours ago
3
If there is one available from the router's manufacturer, it should be the preferred one!
– CyberDude
4 hours ago
1
Sure, if available.
– schroeder♦
4 hours ago
Given how common authenticated command injection / code execution (eg via firmware update, or just bad coding) attacks are in routers, I'm not sure if checking for hardware tampering is enough. And if an attacker has tampered with the firmware, they should be able to fake any firmware update, or place a backdoor in any newly installed firmware. For an update via web interface of the router, this should be trivial, for an update via serial interface or firmware reset probably a bit more difficult (though I'm not sure how much more; if you could add more info about this, that would be great).
– tim
2 hours ago
add a comment |
1
what about downloading a new firmware from the router's support site (rather than openWRT)?
– dandavis
5 hours ago
3
If there is one available from the router's manufacturer, it should be the preferred one!
– CyberDude
4 hours ago
1
Sure, if available.
– schroeder♦
4 hours ago
Given how common authenticated command injection / code execution (eg via firmware update, or just bad coding) attacks are in routers, I'm not sure if checking for hardware tampering is enough. And if an attacker has tampered with the firmware, they should be able to fake any firmware update, or place a backdoor in any newly installed firmware. For an update via web interface of the router, this should be trivial, for an update via serial interface or firmware reset probably a bit more difficult (though I'm not sure how much more; if you could add more info about this, that would be great).
– tim
2 hours ago
1
1
what about downloading a new firmware from the router's support site (rather than openWRT)?
– dandavis
5 hours ago
what about downloading a new firmware from the router's support site (rather than openWRT)?
– dandavis
5 hours ago
3
3
If there is one available from the router's manufacturer, it should be the preferred one!
– CyberDude
4 hours ago
If there is one available from the router's manufacturer, it should be the preferred one!
– CyberDude
4 hours ago
1
1
Sure, if available.
– schroeder♦
4 hours ago
Sure, if available.
– schroeder♦
4 hours ago
Given how common authenticated command injection / code execution (eg via firmware update, or just bad coding) attacks are in routers, I'm not sure if checking for hardware tampering is enough. And if an attacker has tampered with the firmware, they should be able to fake any firmware update, or place a backdoor in any newly installed firmware. For an update via web interface of the router, this should be trivial, for an update via serial interface or firmware reset probably a bit more difficult (though I'm not sure how much more; if you could add more info about this, that would be great).
– tim
2 hours ago
By far, your main risk in buying an "open box" router is that the router has some subtle damage that the manufacturer didn't detect but that will ultimately reduce the lifespan of the device. That's one reason why they often have reduced warranties.
Security-wise, the risk is negligible if you do a factory reset and re-flash the firmware. That should re-write everything in programmable memory and erase anything malicious that a previous user might have loaded. In fact, this is a best practice even for new routers. I've bought new routers multiple times only to learn that they were still programmed for what was clearly a test network at the factory.
Persistent malware is a real thing, but it's not something to worry too much about. After all, a "brand new" router could have had persistent malware loaded at the factory, so this isn't a risk you can completely mitigate.
answered 3 hours ago
bta
Technically there is a risk that the previous owner has installed custom modified firmware with a backdoor.
It is unlikely that the average person has installed custom firmware. Most people don't care about their routers and rarely update them, let alone upgrade them with custom firmware. IF custom firmware was installed it is most likely something benign like DD-WRT, OpenWRT or similar.
And even if they did install custom firmware, it is easily erased with a factory reset or by installing custom firmware of your own. Download the newest firmware package from the manufacturer and flash to the router before plugging the router into either the internet or your local network.
I am splitting this answer because this second case does not apply to the overwhelming majority of people.
Unless you are a UN Peacekeeper, Top Secret Government Agent, Elite Hacker under investigation, CEO of a major corporation, or otherwise have important information or many well funded enemies, stop reading now.
It is technically possible, but incredibly unlikely, that there is a threat on that router that a factory reset/reflash will not remove. This is incredibly unlikely unless you are a high value target. The overwhelming majority of people should not be concerned about this case.
If someone wants to target you, there are many better and cheaper ways to target you than discovering a new vulnerability in that router or building a fake router to trick you.
If you are worried about this incredibly unlikely scenario, then your safest bet is to buy new hardware directly from the factory.
answered 2 hours ago
Vidia
1
FYI, after reading your answer, my takeaway is that ThoriumBR said the same thing more concisely two hours before you (and you also use bold/italics a lot: if almost every paragraph has highlighting, and it's just one or a few words so you need to read the context around it, then nothing is highlighted).
– Luc
1 hour ago
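Vidia's answer above advises downloading the manufacturer's firmware and flashing it before connecting the router; the image can be checked against the vendor's published digest first. This is an added example, not part of the original thread: it assumes the vendor publishes a SHA-256 list in the usual `sha256sum` format and that the check runs on a computer that is not connected through the second-hand router. The function names `verify_firmware` and `sha256_of` and any file names are hypothetical.

```shell
#!/bin/sh
# Added example: check a downloaded firmware image against the vendor's
# published SHA-256 list before flashing. All names here are assumptions.

# Print the SHA-256 digest of a file (sha256sum on Linux, shasum on macOS/BSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_firmware IMAGE SUMS_FILE
#   returns 0 = digest matches
#           1 = mismatch (do not flash this image)
#           2 = cannot decide (missing file, or no usable entry in the list)
verify_firmware() {
    image=$1
    sums=$2
    [ -f "$image" ] && [ -f "$sums" ] || return 2

    name=$(basename "$image")
    # List lines look like "<hex>  <name>" or "<hex> *<name>". Pick the entry
    # for this file name and normalise the digest to lower case.
    # (File names containing spaces are not handled.)
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")

    # A SHA-256 digest is exactly 64 hex characters. Anything else means the
    # list is truncated, uses another algorithm, or lacks this file.
    case $expected in
        *[!0-9a-f]*|"") return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2

    actual=$(sha256_of "$image")
    [ "$actual" = "$expected" ] || return 1
    return 0
}
```

A matching digest only shows that the file is the one the vendor's list describes; it says nothing about firmware already running on the router.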
Depends how paranoid you are willing to go. You'll be running unknown software on unknown hardware.
1) What are the main risks in this scenario?
Backdoored software, tampered hardware.
2) You can try to install your own software, but I'm not sure how deep you have to go to verify the hardware.
answered 5 hours ago
Bokis
4
"You'll be running unknown software on unknown hardware" = Pretty much every piece of hardware we use lol
– ingroxd
2 hours ago