December 15, 2016 By Douglas Bonderud 2 min read

Hacks happen, and now they’re happening more often. Consumers and companies alike have become familiar with the typical process: Malicious actors compromise a device, security teams work out a fix and the attackers are sent packing for another day.

But what if it wasn’t possible to remove the infection? What if, once compromised, devices become little more than trash? According to Motherboard, a cybercriminal going by the moniker of BestBuy claimed to have accomplished such a feat by pushing a firmware update to vulnerable routers and keeping them permanently under his control. Is immovable malware the newest iteration of infection?

Turning Routers Into Paperweights

When routers are compromised, users follow a standard response path: Turn off the device and reboot to clear the infection, then update username and password settings. This often does the trick, since software is effectively neutralized once the router goes dark.

BestBuy, however, opted for a different malicious method. The fraudster claimed to have compromised 3.2 million home routers by pushing a new firmware update. This means that even after being reset, the routers still reach out to malicious servers instead of reverting to defaults.

What’s more, BestBuy said the infected routers “will not accept new firmware from … anyone,” according to Motherboard, meaning there’s no way to remove the infection or reclaim the router. In effect, compromised routers become little more than paperweights.

URLs shared by BestBuy seem to show millions of devices already compromised. Security experts agree that his claims are plausible, although researcher Andrew Tierney pointed out that “it is easy to mess up” this kind of firmware update. BestBut doens’t appear to have any larger agenda for his army of retrained routers.

Easy Targets for Firmware

BestBuy’s ability to infect and permanently compromise routers highlights the lack of security in most internet-facing devices. When the BBC presented TalkTalk with data suggesting that its routers had been compromised, the telecommunications company argued that there was “no need” for users to change router settings, despite reliable evidence that 57,000 devices were compromised.

According to a recent article from The Register, meanwhile, users of popular Netgear routers are also at risk. The bug, CVE-2016-582384, enables attackers to take total control if they convince anyone on the local network to open a booby-trapped webpage.

The U.S. Computer Emergency Readiness Team (US-CERT) advised users to hack their own routers using a URL that disables the built-in HTTP servers used to administer devices. Although this temporarily seals the security hole, it also leaves users unable to manage or control the router through the HTTP portal. Netgear is aware of the problem and developing a fix, but no word on how long that will take.

Router breaches aren’t terribly sophisticated, but they’re effective. When administered via firmware, these attacks can permanently infect target devices. So now, the race is on between cybercriminals and security pros. Will routers get the critical corrections they need in the short term, or will it take a major network breach to prompt better default defense?

More from

How governance, risk and compliance (GRC) addresses growing data liability concerns

4 min read - In an era where businesses increasingly rely on artificial intelligence (AI) and advanced data capabilities, the effectiveness of IT services is more critical than ever. Yet despite the advancements in technology, business leaders are increasingly dissatisfied with their IT departments.According to a study by IBM's Institute for Business Value, confidence in the effectiveness of basic IT services among top executives has significantly declined. While AI promises transformational capabilities, particularly generative artificial intelligence (gen AI), the road to realizing these benefits…

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

Cybersecurity Awareness Month: Horror stories

4 min read - When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can’t withstand the biggest threat: human behavior.October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to share some of their most memorable and haunting cyber incidents. (Names and companies are anonymous to avoid any negative impact. Suffering a cyber incident is bad…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today