According to the previous Recorded Future report, hackers were able to steal documents about the U.S. Military’s Reaper drones because the Air Force didn’t set the FTP password on its Netgear routers, which allowed the attackers to gain free access to the military’s computers. Netgear has now said this wouldn’t have been a problem if the Air Force had applied the firmware update the company released in 2016 for this very issue.
Air Force Hack
As we know from the previous report, the attackers first learned that the Air Force’s machines were vulnerable to hacking via its Netgear routers by using the search engine Shodan to scan the internet for non-secure devices. Shodan calls itself the “world's first search engine for Internet-connected devices.” However, it’s often used by malicious parties to scan for their hacking targets.
Once the attackers found the Air Force’s routers, gaining access to them was trivial due to a two-year-old flaw in Netgear’s routers. The flaw would let anyone gain remote access to the routers because Netgear wasn’t asking for any form of authentication via FTP, which was enabled by default.
Netgear Had Already Solved The Issue
Routers aren’t typically known for being the most secure devices in the world, nor are they often updated by their manufacturers. Even today, many router makers still don’t take security too seriously, which is why we still see things such as hard-coded passwords, backdoor accounts, or default credentials being used by the router makers. All of these “features” make it trivial for attackers to take over hundreds of thousands of routers at once after they learn about these vulnerabilities.
However, in this case, Netgear had known about this particular flaw for more than two years, which is also when it released a fix for it in a firmware update. It may have been Netgear’s fault for releasing a router to which other parties can gain access by default without any authentication being required, but the Air Force also had two years to prevent this attack from happening by patching its own routers.
Netgear told Tom’s Hardware that its registered customers have been notified by email about new firmware updates and also that its customers can visit the Router Update page to check if a new update is available. If you still haven't updated your router, even after the VPNFilter saga, then now may be a good time to look into that.