Researchers uncover 125 vulnerabilities across 13 routers and NAS devices

Pooh
Pooh Member, Beta Tester Posts: 674
500 Likes 500 Comments 25 Answers 100 Agrees
✭✭✭✭✭
in Devices & Security #1

Yet more vulnerabilities found on consumer routers and other devices.


It's so easy to buy a device and set it up - it's so much harder to remember to keep it updated as changes are made and bugs fixed.


https://www.helpnetsecurity.com/2019/09/17/vulnerabilities-iot-devices/


People say nothing is impossible, but I do nothing every day.
GidsterkltaylorMarcJacco

Comments

  • kltaylor
    kltaylor Member, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    #2
    Heading to read this now, @Pooh Thanks for sharing!
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
  • kltaylor
    kltaylor Member, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    #3
    I've had experiences with many different NAS devices in a previous job as a Franchisor, it's good to see that among the devices listed, Synology seems to be 'on-top' without any issues of exploits.
    With that being said, I'm not advocating for Synology over the others, I am advocating though for implementation and sustaining your home network properly, even if it's using your neighbor down the street that's "good with computers'.
    When you consider the "cloud" services that consumer users use, feeling that they are relatively safe 'in their home', please think again.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
    MarcJacco
  • Marc
    Marc Moderator, Beta Tester Posts: 3,178
    250 Answers 1,000 Likes 2500 Comments 250 Awesomes
    ✭✭✭✭✭✭✭
    #4
    And rule number one, change the default password to something different and complex... (and make sure you actually have a password enabled).  I've read so many times where an attack is successful because purchaser left everything at the default setting.  Easy thing to do and goes a long way.  
    Thats Daphnee, she's a good dog...
    kltaylor
  • kltaylor
    kltaylor Member, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    #5
    Marc said:
    And rule number one, change the default password to something different and complex... (and make sure you actually have a password enabled).  I've read so many times where an attack is successful because purchaser left everything at the default setting.  Easy thing to do and goes a long way.  
    OMGosh yes.
    I've even disabled the Admin account just to ensure that nothing is 'factory' in my Synology.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
  • Marc
    Marc Moderator, Beta Tester Posts: 3,178
    250 Answers 1,000 Likes 2500 Comments 250 Awesomes
    ✭✭✭✭✭✭✭
    #6
    If anything, I disable remote access to my router and NAS.  This way it’s not phoning home and can only be accessed locally for management.  @kltaylor, how do you access it if you’ve disabled the admin account?  Do you set up a new, different admin level account?
    Thats Daphnee, she's a good dog...
    kltaylor
  • kltaylor
    kltaylor Member, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    #7
    Marc said:
    If anything, I disable remote access to my router and NAS.  This way it’s not phoning home and can only be accessed locally for management.  @kltaylor, how do you access it if you’ve disabled the admin account?  Do you set up a new, different admin level account?
    That's exactly what I do.
    The Synology has a pretty tight means to access the UI/Desktop, which also includes 2-factor authentication.  The admin account is actually disabled by default, at the point of initial setup you are walked through setting up the 'admin' account.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
    MarcJacco

Categories