Buying a “Used” Router
I am buying a "new" router from an open-box sale at a company that liquidates eCommerce returns. Plan to use it for a home network at cottage.
I'm a bit nervous that it could have been modified by whoever had it last.
- What are the main risks in this scenario?
- What specific steps should one take before and during setup of a new router that someone else may have had access to in the past?
router
asked 10 hours ago by GWR
Do you really need to do this to begin with? If a router is sufficiently expensive that it makes sense to buy a used one rather than a new one, it's probably full of junk you don't want or need. Is this for a home or small office wifi router? Or something for major network infrastructure?
– R..
1 hour ago
4 Answers
By far, your main risk in buying an "open box" router is that the router has some subtle damage that the manufacturer didn't detect but that will ultimately reduce the lifespan of the device. That's one reason why they often have reduced warranties.
Security-wise, the risk is negligible if you do a factory reset and re-flash the firmware. That should re-write everything in programmable memory and erase anything malicious that a previous user might have loaded. In fact, this is a best practice even for new routers. I've bought new routers multiple times only to learn that they were still programmed for what was clearly a test network at the factory.
Persistent malware is a real thing, but it's not something to worry too much about. After all, a "brand new" router could have had persistent malware loaded at the factory, so this isn't a risk you can completely mitigate.
Technically there is a risk that the previous owner has installed custom modified firmware with a backdoor.
It is unlikely that the average person has installed custom firmware. Most people don't care about their routers and rarely update them, let alone upgrade them with custom firmware. IF custom firmware was installed it is most likely something benign like DD-WRT, OpenWRT or similar.
And even if they did install custom firmware, it is easily erased with a factory reset or by installing custom firmware of your own. Download the newest firmware package from the manufacturer and flash to the router before plugging the router into either the internet or your local network.
I am splitting this answer because this second case does not apply to the overwhelming majority of people.
Unless you are a UN Peacekeeper, Top Secret Government Agent, Elite Hacker under investigation, CEO of a major corporation, or otherwise have important information or many well funded enemies, stop reading now.
It is technically possible, but incredibly unlikely, that there is a threat on that router that a factory reset/reflash will not remove. This is incredibly unlikely unless you are a high value target. The overwhelming majority of people should not be concerned about this case.
If someone wants to target you, there are many better and cheaper ways to target you than discovering a new vulnerability in that router or building a fake router to trick you.
If you are worried about this incredibly unlikely scenario, then your safest bet is to buy new hardware directly from the factory.
1
FYI, after reading your answer, my takeaway is that ThoriumBR said the same thing more concisely two hours before you (and you also use bold/italics a lot: if almost every paragraph has highlighting, and it's just one or a few words so you need to read the context around it, then nothing is highlighted).
– Luc
6 hours ago
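An added example, not part of any answer on this page: one way to check a firmware image downloaded from the manufacturer or a firmware project before flashing it, as the answers recommend. It assumes a `sha256sum`-style checksum list is published next to the image (OpenWrt publishes one as `sha256sums`); the file names and image bytes below are constructed for the demonstration.

```python
"""Check a downloaded router firmware image against a published SHA-256 list.

Assumption: the checksum list was fetched from the vendor's site over a
connection you trust, not through the router that is being set up.
"""
import hashlib
import hmac
import os
import re
import tempfile

HEX_SHA256 = re.compile(r"[0-9a-fA-F]{64}")


def parse_sha256sums(text):
    """Parse sha256sum-style lines ('HASH  name' or 'HASH *name') into {name: hash}."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or not HEX_SHA256.fullmatch(parts[0]):
            raise ValueError(f"line {lineno}: not a SHA-256 checksum entry")
        digest, name = parts[0].lower(), parts[1].strip()
        if name.startswith("*"):  # '*' marks binary mode in sha256sum output
            name = name[1:]
        if entries.get(name, digest) != digest:
            raise ValueError(f"line {lineno}: conflicting hashes for {name}")
        entries[name] = digest
    return entries


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large image is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(image_path, sums_text):
    """Return (ok, reason). Flash the image only when ok is True."""
    expected = parse_sha256sums(sums_text).get(os.path.basename(image_path))
    if expected is None:
        return False, "image is not listed in the checksum file"
    if not hmac.compare_digest(sha256_file(image_path), expected):
        return False, "hash mismatch: do not flash this file"
    return True, "hash matches the published value"


def demo():
    """Run the check on constructed files: intact, unlisted, and altered."""
    image_bytes = b"CONSTRUCTED-FIRMWARE-IMAGE" * 1024  # stand-in, not real firmware
    listed_name = "example-router-sysupgrade.bin"       # hypothetical file name
    sums = f"{hashlib.sha256(image_bytes).hexdigest()} *{listed_name}\n"
    with tempfile.TemporaryDirectory() as tmp:
        listed = os.path.join(tmp, listed_name)
        unlisted = os.path.join(tmp, "some-other-image.bin")
        for path in (listed, unlisted):
            with open(path, "wb") as fh:
                fh.write(image_bytes)
        results = {
            "intact": verify_image(listed, sums),
            "unlisted": verify_image(unlisted, sums),
        }
        with open(listed, "ab") as fh:  # simulate a corrupted or altered download
            fh.write(b"\x00")
        results["altered"] = verify_image(listed, sums)
    return results


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:9s} ok={ok} ({reason})")
```

This only establishes that the file on the computer is the one that was published; it says nothing about what the router does with the file afterwards.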
Short answer: do a factory reset, update the firmware, and you are good to go.
The risk is very low, bordering zero. The previous owner may have installed a custom firmware or changed its configuration, but a firmware upgrade and factory reset is enough to take care of almost every change.
The risk that the previous owner tampered with the router and his changes can survive even a firmware upgrade and factory reset is negligible.
So, don't worry, unless you are a person of special interest: working on top-secret stuff or have privileged financial information on a big enterprise. But as you are buying a used router, I bet you are a common guy and would not be a target for those attacks.
answered 10 hours ago by ThoriumBR (edited 7 hours ago)
2
Wouldn't most people on stackoverflow/serverfault be persons of interest? They make software that gets deployed in lots of places, or manage systems for corporations. Even so, I agree with your answer in that "the risk is very low, bordering on zero", but the "person of special interest" category is broader than people often realize. Intelligence agencies are known to target sysadmins in particular. As a security consultant who knows of vulnerabilities before they are fixed, I can imagine what interest I might attract, and boy do I feel ordinary compared to the interesting people on this site.
– Luc
6 hours ago
13
The Evil Organization would have to predict when I am going to buy a router, predict which make/model I will buy, where I will buy, go there before, buy all the routers on the place, put a backdoor on each one, return every one, and wait for me to buy the compromised router. I don't think it is plausible...
– ThoriumBR
6 hours ago
4
Possible, yes, but so improbable that it can be dismissed. It's orders of magnitude easier to just exploit a zero-day on the router I currently have...
– ThoriumBR
6 hours ago
1
@ThoriumBR You are right. I didn't think through how much work it would be: even if we are generally interesting targets, this doesn't scale.
– Luc
6 hours ago
6
Trust me, you're not that interesting.
– hft
4 hours ago
The main risk is that the firmware has been replaced by a malicious version, which could make it possible to intercept all the traffic on your network. Passwords, injecting malware, redirecting you to malicious sites, etc. That's a worst-case scenario but easy for someone to do.
You want to factory reset the device to try to clear out anything that the previous owner may have set up in the factory firmware.
But more importantly, you want to see if the firmware has been changed by looking to see if the case has been opened or tampered with and to see if the operating system of the router has changed. But that might not be enough. It is easy to simulate the OS and website on a router.
Something that you could do is to replace the firmware with one of your own. That should wipe out any malicious firmware on the device. There is open-source after-market firmware you can use.
answered 10 hours ago by schroeder♦
1
what about downloading a new firmware from the router's support site (rather than openWRT)?
– dandavis
10 hours ago
3
If there is one available from the router's manufacturer, it should be the preferred one!
– CyberDude
9 hours ago
1
Sure, if available.
– schroeder♦
9 hours ago
Given how common authenticated command injection / code execution (eg via firmware update, or just bad coding) attacks are in routers, I'm not sure if checking for hardware tampering is enough. And if an attacker has tampered with the firmware, they should be able to fake any firmware update, or place a backdoor in any newly installed firmware. For an update via web interface of the router, this should be trivial, for an update via serial interface or firmware reset probably a bit more difficult (though I'm not sure how much more; if you could add more info about this, that would be great).
– tim
7 hours ago
add a comment |
1
what about downloading a new firmware from the router's support site (rather than openWRT)?
– dandavis
10 hours ago
3
If there is one available from the router's manufacturer, it should be the preferred one!
– CyberDude
9 hours ago
1
Sure, if available.
– schroeder♦
9 hours ago
Given how common authenticated command injection / code execution (eg via firmware update, or just bad coding) attacks are in routers, I'm not sure if checking for hardware tampering is enough. And if an attacker has tampered with the firmware, they should be able to fake any firmware update, or place a backdoor in any newly installed firmware. For an update via web interface of the router, this should be trivial, for an update via serial interface or firmware reset probably a bit more difficult (though I'm not sure how much more; if you could add more info about this, that would be great).
– tim
7 hours ago
1
1
what about downloading a new firmware from the router's support site (rather than openWRT)?
– dandavis
10 hours ago
what about downloading a new firmware from the router's support site (rather than openWRT)?
– dandavis
10 hours ago
3
3
If there is one available from the router's manufacturer, it should be the preferred one!
– CyberDude
9 hours ago
If there is one available from the router's manufacturer, it should be the preferred one!
– CyberDude
9 hours ago
1
1
Sure, if available.
– schroeder♦
9 hours ago
By far, your main risk in buying an "open box" router is that the router has some subtle damage that the manufacturer didn't detect but that will ultimately reduce the lifespan of the device. That's one reason why they often have reduced warranties.
Security-wise, the risk is negligible if you do a factory reset and re-flash the firmware. That should re-write everything in programmable memory and erase anything malicious that a previous user might have loaded. In fact, this is a best practice even for new routers. I've bought new routers multiple times only to learn that they were still programmed for what was clearly a test network at the factory.
Persistent malware is a real thing, but it's not something to worry too much about. After all, a "brand new" router could have had persistent malware loaded at the factory, so this isn't a risk you can completely mitigate.
answered 8 hours ago
bta
Technically there is a risk that the previous owner has installed custom modified firmware with a backdoor.
It is unlikely that the average person has installed custom firmware. Most people don't care about their routers and rarely update them, let alone upgrade them with custom firmware. If custom firmware was installed, it is most likely something benign like DD-WRT, OpenWRT or similar.
And even if they did install custom firmware, it is easily erased with a factory reset or by installing custom firmware of your own. Download the newest firmware package from the manufacturer and flash to the router before plugging the router into either the internet or your local network.
I am splitting this answer because this second case does not apply to the overwhelming majority of people.
Unless you are a UN Peacekeeper, Top Secret Government Agent, Elite Hacker under investigation, CEO of a major corporation, or otherwise have important information or many well-funded enemies, stop reading now.
It is technically possible, but incredibly unlikely, that there is a threat on that router that a factory reset/reflash will not remove. This is incredibly unlikely unless you are a high value target. The overwhelming majority of people should not be concerned about this case.
If someone wants to target you, there are many better and cheaper ways to target you than discovering a new vulnerability in that router or building a fake router to trick you.
If you are worried about this incredibly unlikely scenario, then your safest bet is to buy new hardware directly from the factory.
answered 7 hours ago
Vidia
1
FYI, after reading your answer, my takeaway is that ThoriumBR said the same thing more concisely two hours before you (and you also use bold/italics a lot: if almost every paragraph has highlighting, and it's just one or a few words so you need to read the context around it, then nothing is highlighted).
– Luc
6 hours ago
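The answers above recommend downloading the manufacturer's firmware and flashing it before the router touches any network. The script below is an added example, not written by anyone in this thread, that checks the downloaded image against a vendor-published SHA-256 before flashing. It assumes the vendor publishes such a hash; `sha256_of`, `verify_firmware` and the demo file are hypothetical names and constructed input.

```shell
#!/bin/sh
# Added example (not from the thread): check a downloaded firmware image
# against the SHA-256 the vendor publishes before flashing it.
# Return codes: 0 = match, 1 = mismatch, 2 = unusable input or no hash tool.

sha256_of() {
    # Hash via stdin so odd file names cannot alter the tool's output format.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | cut -d' ' -f1
    else
        return 2
    fi
}

verify_firmware() {
    image=${1:-}
    # Vendors print hashes in either case; normalise to lowercase.
    expected=$(printf '%s' "${2:-}" | tr 'A-F' 'a-f')
    # Require exactly 64 hex digits so a truncated or mis-pasted value
    # is rejected instead of being compared.
    case $expected in
        ''|*[!0-9a-f]*) echo "error: expected hash is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "error: expected hash is not 64 hex digits" >&2; return 2
    fi
    # An absent or zero-byte download must never reach the flashing step.
    if [ ! -f "$image" ] || [ ! -s "$image" ]; then
        echo "error: image missing or empty: $image" >&2; return 2
    fi
    actual=$(sha256_of "$image") || { echo "error: no SHA-256 tool" >&2; return 2; }
    if [ "$actual" = "$expected" ]; then
        echo "OK: $image matches the published SHA-256"
        return 0
    fi
    echo "MISMATCH: $image hashes to $actual; do not flash it" >&2
    return 1
}

# Constructed demo input: the 3-byte file "abc" stands in for a firmware image,
# and its standard SHA-256 test vector stands in for the vendor's published hash.
demo_dir=$(mktemp -d)
printf 'abc' > "$demo_dir/firmware.bin"
DEMO_HASH=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
verify_firmware "$demo_dir/firmware.bin" "$DEMO_HASH"
```

This checks only the file on your computer. It says nothing about whether the router's current firmware writes that image faithfully, which is the concern tim raises in the comments.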