Netgear Patched the Air Force's Router Problem Two Years Ago

According to the previous Recorded Future report, hackers were able to steal documents about the U.S. Military’s Reaper drones because the Air Force didn’t set the FTP password on its Netgear routers, which allowed the attackers to gain free access to the military’s computers. Netgear has now said this wouldn’t have been a problem if the Air Force had applied the firmware update the company released in 2016 for this very issue.

Air Force Hack

As we know from the previous report, the attackers first learned that the Air Force’s machines were vulnerable to hacking via its Netgear routers by using the search engine Shodan to scan the internet for non-secure devices. Shodan calls itself the “world's first search engine for Internet-connected devices.” However, it’s often used by malicious parties to scan for their hacking targets.

Once the attackers found Air Force’s routers, gaining access to them was trivial due to a two-year-old flaw in Netgear’s routers. The flaw would let anyone gain remote access to its routers because Netgear wasn’t asking for any form of authentication via FTP, which was enabled by default.

Netgear Had Already Solved The Issue

Routers aren’t typically known for being the most secure devices in the world, nor are they often updated by their manufacturers. Even today, many router makers still don’t take security too seriously, which is why we still see things such as hard-coded passwords, backdoor accounts, or default credentials being used by the router makers. All of these “features” make it trivial for attackers to take over hundreds of thousands of routers at once after they learn about these vulnerabilities.

However, in this case, Netgear had known about this particular flaw for more than two years, which is also when it released a fix for it in a firmware update. It may have been Netgear’s fault for releasing a router to which other parties can gain access by default without any authentication being required, but the Air Force also had two years to prevent this attack from happening by patching its own routers.

Netgear told Tom’s Hardware that its registered customers have been notified by email about new firmware updates and also that its customers can check the Router Update page to check if a new update is available. If you still haven't updated your router, even after the VPNFilter saga, then now may be a good time go look into that.

Create a new thread in the News comments forum about this subject
This thread is closed for comments
14 comments
Comment from the forums
    Your comment
  • drawingpin
    The updated firmware that Netgear came out with resulted in a lot of connection issues with their routers. They may not have applied this update for that reason. It's the reason why Netgear went back and I'm now using ASUS. Netgear know of the connection issues and have a beta update they'll supply you with when pushed.
  • gggplaya
    Anonymous said:
    The updated firmware that Netgear came out with resulted in a lot of connection issues with their routers. They may not have applied this update for that reason. It's the reason why Netgear went back and I'm now using ASUS. Netgear know of the connection issues and have a beta update they'll supply you with when pushed.


    I've also dumped all my netgear equipment (NAS and routers), it used to be good, but now their software team is garbage.

    I've since switched to QNAP for my NAS needs and Asus for my router needs. The ASUS router software is awesome, very stable and fast with great features. I'm very happy with it.
  • genz
    Anonymous said:
    The updated firmware that Netgear came out with resulted in a lot of connection issues with their routers. They may not have applied this update for that reason. It's the reason why Netgear went back and I'm now using ASUS. Netgear know of the connection issues and have a beta update they'll supply you with when pushed.


    Never heard of the USAF using beta gear though haha

    Now that would make for one hell of a drone party! :D