Own on install. How grave it is?
Kirils Solovjovs
kirils.solovjovs at kirils.com
Thu Jan 11 01:54:00 PST 2018
The concerns are real and industry resolves this by applying the minimal
required patches from a media before connecting device to the network.
K.
On 2018.01.09. 12:20, Georgi Guninski wrote:
> This is well known, haven't seen it discussed.
>
> In short doing clean install (factory defaults) has a window of
> opportunity when the device is vulnerable to a known network attack.
>
> It used to be common sense to reinstall after compromise (probably
> doesn't apply to the windows world where the antivirus takes care).
>
> All versions of windoze are affected by the SMB bug to my knowledge.
> Debian jessie (old stable) is vulnerable to malicious mirror attack.
>
> More of interest to me are devices where the installation media is
> fixed and can't be changed.
>
> This includes smartphones and wireless routers.
>
> Some smartphones might be vulnerable to wifi RCE (found by google?).
> Some wireless routers might be vulnerable to wifi RCE or
> default admin password attack over wifi.
>
> Internet of Things will make things worse (some NAS devices are
> affected).
>
> Shielding the device might not be solution since updates must be
> applied.
>
> Are the above concerns real?
>
> Have this been studied systematically?
>
More information about the cypherpunks
mailing list