Skip to main content

Secondhand routers may be a serious security concern

Security researchers have publicly revealed findings in a study that uncovered that more than half of the enterprise routers sold secondhand to online resellers, such as eBay, had not been factory reset and wiped of their data. This means the devices still contained sensitive company information from their previous owners when they were resold.

Researchers from the security firm ESET plan to showcase their study at the RSA security conference in San Francisco next week, but told Wired that they were able to uncover data of the enterprise organizations from the secondhand routers, including “network information, credentials, and other confidential data,” with no major effort.

A Wi-Fi router with an ethernet cable plugged in.
wlan antenna Getty Images

In particular, the researchers purchased 18 used routers from well-known brands including Cisco, Fortinet, and Juniper Networks. They ultimately discovered that nine of the devices were sold as is, and they offered easy access to all the router’s information. Meanwhile, five of the routers had been fully factory reset and wiped of all data. Two of the routers were encrypted, one was dead, and one was a mirror copy of another device, Wired noted.

Recommended Videos

The information ESET researchers were able to collect from the nine unprotected routers includes “credentials for the organization’s VPN, credentials for another secure network communication service, and hashed root administrator passwords.”

Eight of the unprotected routers included “router-to-router authentication keys” with “information about how the router connected to specific applications used by the previous owner.” Four routers included “credentials for connecting to the networks of other organizations, such as trusted partners, collaborators, or other third parties.” Three devices hosted details of how one could “connect as a third party to the previous owner’s network,” while two held customer data, according to the study.

ESET also noted that all nine unprotected routers included enough data for the researchers to figure out to which organizations they previously belonged.

The researchers noted how much of a security risk these routers being so easily accessible is because of the prevalence of cybercriminals and state-backed hackers. The routers can simply be purchased at a discount online because they are secondhand, and bad actors can potentially scan devices for valuable corporate information they can sell on the dark web and then simply resell the router again. The researchers said they hesitated to release their findings, but ultimately decided that awareness was the better option.

The ESET team told Wired they have done their diligence to contact and warn the prior owners of the nature of their routers, with some grateful for the update. Meanwhile, others appeared to ignore the warnings or not cooperate.

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
Don’t use your Windows PC without using these security settings
The Windows Security app in Windows 11.

Historically, Windows has had a bad reputation for security, and there are far more malware strains that target Windows than any other operating system out there -- largely due to the scale of PCs that exist in the world. With such a vast array of potential threats, it’s more important than ever to keep your Microsoft PC safe and protected.

But doing so doesn’t have to be difficult or expensive. In fact, you can start right now with just the computer you own, no extra software necessary. And if you do want to supplement your PC with some of the best Windows apps that will boost your security and privacy, you don’t need to pay a penny.

Read more
I’d never use a Mac without first changing these 8 security settings
Security and Privacy settings open on a MacBook.

If you’ve got one of the best MacBooks or Macs, the chances are good that you do an awful lot of sensitive stuff on your computer. Think about all the passwords you enter, the emails you send and receive, and the documents you create -- all of those can provide a treasure trove of data to any sticky-fingered ne’er-do-wells who manage to gain access to your device.

To prevent the worst from happening, it’s a good idea to beef up your Mac security. The good news is that doing so is far easier than you might think, and there are a handful of macOS settings you can change right now to keep your Mac -- and all the information it holds about you -- safe from prying eyes.

Read more
The next Windows 11 update may seriously slow down your SSD
Windows 11 logo on a laptop.

Microsoft may be rolling out a new feature as part of the latest Windows 11 update that will boost security but slow down SSD performance. We're talking about BitLocker, of course, a device encryption feature that will be turned on by default as part of the upcoming 24H2 update.

In the past, BitLocker encryption was available only on Windows Pro editions, but the new update lowers the eligibility criteria, extending encryption capabilities to a broader range of devices.

Read more