Tuesday, February 28, 2017

Fritzbox-Hack & first firmware updates: BSI advises to urgent action

Update 3 (13.02.2014): After the Fritzbox hack and the first available firmware updates for AVM router, the BSI strongly advises the users to install a possibly provided patch. According to reports, so far only one in five has done so far.


The BSI (Federal Office for Information Security) emphasizes that hackers can reach the router via remote security vulnerabilities (HTTPS port 443). Then the path to the connected computers and network hard disks would hardly be a significant hurdle for cybercriminals.


If passwords are filed on the Fritzbox, then these are found just as quickly as they are captured. Look at the configuration interface of your Fritzbox (in the browser "fritz.box" enter) under the menu point System, if an update is available. Then follow the steps and warnings that are displayed.


Update 2 (10.02.2014): The Fritzbox hacks have an end soon. The Fritz box manufacturer AVM has apparently solved the security gap in the remote access port 443 and now offers patches and firmware updates for the first devices for download.


AVM had told users after the hacker attack on the Fritzboxes first, to renounce the remote access and change as fast as possible all access data. After a busy weekend, AVM now provides updated firmware updates for 19 nationally and 12 internationally deployed models, and advises all affected parties to implement updates as soon as possible.


AVM is also planning to update the 6320, 6340 and 6360 models used in cable networks.


Update 1 (07.02.2014): The Fritzbox-Hack continues to plague users, manufacturers and providers. The preliminary solution, to avoid horrendous telephone bills and data theft, assumes further dimensions. If it was first enough to change all relevant safety data, users are currently completely to forego remote access. This informs AVM in a further message after the first security warning. So far, only users who have activated remote access (HTTPS port 443), for example via the MyFritz! Service, have been affected.


By default, the service is disabled. Corresponding users will find instructions on the manufacturer's website to disable remote access. AVM says that this is necessary since it is unknown how the unknown hackers have come to all the necessary data. AVM works together with the authorities to create clarity quickly. Read all details in the original message.


Original message: Fritzbox owners who have a HTTPS remote access (Port 443) or the "MyFritz!" Service in their router activated, should quickly change all access data. Unknown hackers are currently providing isolated access to Fritzboxes, set up virtual IP phones and phone calls at user costs. According to reports, this is not a question of personal individual telephone calls, but rather a large number of expensive individual connections abroad.


In concrete terms, countless connections with a duration of one second each were built up in the Falkland Islands. The evil awakening in the individual case: up to 4,200 euros on the telephone bill. In that case, the said amount had come within half an hour. It is unknown who is behind this phone riot. It is assumed that the perpetrators on the basis of commission on the established telephone connections.


AVM - manufacturer of Fritzbox devices - announces in a recent announcement that currently "a few dozen" cases have become known. The incidents can not be limited to individual providers. Both customers of 1 & 1 as well as Unitymedia are affected - distributed over the entire federal territory as reported by Spiegel Online. In most cases, the supplier reports behave in a culpable manner. So check if you have a Fritzbox, immediately the list of the guided phone calls on your Fritzbox surface. If possible, please contact your provider immediately.


Lesetipp: VPN client on Fritzbox for more security and comfort


Currently, the affected parties - both users and vendors and manufacturers - are at a loss as to how such attacks could occur. The perpetrators need not only the access code to the router, but also the connection data, passwords and identifiers for remote access. A link with the recently announced list of 16 million compromised email addresses is suspected. However, individual data subjects did not find their data in the BSI safety test. In addition, a combination of e-mail address and password is not sufficient in normal circumstances to provide access to a router as well as a customized remote access.


Download tips: The best Fritzbox apps


Until the pathway is known and a permanent solution exists, you should take the following advice. Change all relevant data in your Fritzbox, if necessary also the accesses with ports with used DDNS offerers - think of different passwords. In addition, you can set up a call barring for calls abroad, according to the AVM message.


The following domestic models can be updated: 3272, 3370, 3390, 6810, 6840, 6842, 7240, 7270 (v2 + v3), 7272, 7312, 7320, 7330 SL, 7330 SL, 7360 SL, 7360, 7362 SL, 7390 and 7490. For the international models: 3270, 3272, 3370, 3390, 7270 (v2 + v3), 7272, 7330, 7340, 7360, 7390 and 7490.

No comments:

Post a Comment