At Home Playing With OpenWRT? Time For An Update!

Source: Ars Technica

Unencrypted Updates Are Always A Bad Idea

OpenWRT has been discussed on the PC Perspective Podcast a number of times. It is an impressively powerful piece of open source firmware you can install on routers and a variety of other devices to give yourself more control over security, traffic and almost any other setting you want to dig into. Unfortunately, they've been a bit lax with their own software: it turns out the updates you have been grabbing are unencrypted, and the security researcher that Ars Technica quotes describes defeating the digital-signature checks as a trivial task.

You don't have to panic because you have been using and updating OpenWRT for years. To successfully feed you a poisoned update, an attacker would have had to either modify your DNS so they could redirect you to a site of their choice instead of the legitimate one, or already be on your network and in a position to conduct a man-in-the-middle attack.

For the nonce, downloading version 18.06.7 or 19.07.1 is recommended, as these include a temporary workaround which forces the hash check to work effectively. It is not a permanent solution, however, as attackers with a redirect in place could still point you at an older repository with older hashes, which even the new versions would accept as valid.
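As an added illustration (not OpenWRT's code and not from the original post), the sketch below shows the two client-side checks the paragraph above implies: a hash check that fails closed, and a freshness guard that refuses an index older than one already accepted. The index layout, field names and sample data are assumptions constructed for the example, and the index signature is assumed to have been verified already.

```python
import hashlib
import hmac
import re

class UpdateRejected(Exception):
    """Raised whenever an update must not be installed."""

SHA256_HEX = re.compile(r"[0-9a-f]{64}")

def check_package(index, name, data, newest_seen):
    """Return the index timestamp to remember if `data` may be installed.

    `index` is a hypothetical, already signature-verified package index:
    {"timestamp": int, "sha256": {package_name: hex_digest}}.
    `newest_seen` is the timestamp of the newest index accepted so far.
    """
    # Rollback guard: an older index can still carry valid hashes for
    # outdated packages, so a passing hash check alone is not enough.
    if index["timestamp"] < newest_seen:
        raise UpdateRejected("index older than one already accepted")
    expected = index["sha256"].get(name)
    # Fail closed: a missing or malformed digest is an error, not a skipped check.
    if not isinstance(expected, str) or not SHA256_HEX.fullmatch(expected):
        raise UpdateRejected("no usable SHA-256 for " + name)
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise UpdateRejected("hash mismatch for " + name)
    return index["timestamp"]

def try_install(index, name, data, newest_seen):
    """Return 'ok' or the rejection reason, for demonstration."""
    try:
        check_package(index, name, data, newest_seen)
        return "ok"
    except UpdateRejected as exc:
        return str(exc)

# Constructed sample data (not real OpenWRT packages or indexes).
NEW_PKG = b"demo-package 2.0"
OLD_PKG = b"demo-package 1.0"
NEW_INDEX = {"timestamp": 200, "sha256": {"demo": hashlib.sha256(NEW_PKG).hexdigest()}}
OLD_INDEX = {"timestamp": 100, "sha256": {"demo": hashlib.sha256(OLD_PKG).hexdigest()}}

if __name__ == "__main__":
    print(try_install(NEW_INDEX, "demo", NEW_PKG, 200))
    print(try_install(NEW_INDEX, "demo", OLD_PKG, 200))
    print(try_install(OLD_INDEX, "demo", OLD_PKG, 200))
```

With `newest_seen` left at 0, the old index and old package pass every check, which is why the client has to persist the newest timestamp it has accepted.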

For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital signature verifications are easy to bypass, a researcher said.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
