Second-hand enterprise routers still contain sensitive data, ESET finds

Share post:

ESET researchers have discovered that more than 50% of second-hand enterprise routers purchased for testing have not been wiped by their previous owners.

The routers, which included models by Cisco, Fortinet and Juniper Networks, contained confidential data, network information, and credentials that could easily be used to determine the previous owner. Among the data, were hashed root administrator passwords, VPN and secure network communication credentials, and router-to-router authentication keys. Moreover, eight of the routers contained data about connecting to other organizations’ networks, and two contained customer data.

Details on a corporation’s network operations and structure can be used for launching ransomware attacks, plotting espionage campaigns, and even identifying vulnerabilities in outdated software. ESET researchers say that the wealth of data on such devices would be highly valuable to cybercriminals and even state-backed hackers.

As in the ESET findings, Ford says that Red Balloon researchers have found passwords and other credentials and personally identifying information. Some data like usernames and configuration files are usually in plaintext and easily accessible, while passwords and configuration files are often protected because they are stored as scrambled cryptographic hashes. But Ford points out that even hashed data is still potentially at risk.

Since second-hand equipment is discounted, cybercriminals can purchase them and gain access to valuable information and network access. The researchers debated whether to release their findings or not, but they concluded that raising awareness about the issue is more important.

The sources for this piece include an article in ArsTechnica.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways