Used Routers Fully Loaded With Corporate Secrets for Just $100

Researchers at ESET found that hardware on resale in the market consisted of highly confidential information such as IPsec or VPN credentials, hashed root passwords, and much more.

Second-Hand sales of computing equipment have been in place ever since the introduction of computers and their hardware parts.

Every company relies on its managed service providers or e-waste contractors for the decommissioning procedures.

Unfortunately, this equipment, like corporate routers or any other network managing devices, did not have great decommissioning and wiping procedures, which led to the disclosure of confidential information.

Researchers also mentioned that this highly classified corporate information equipment was resale for just $100 – $150.

Threat actors who plan to attack the infrastructure can get this information for just $100, which they can use for planning an attack.

Another overwhelming fact is that this equipment was sometimes owned by organizations that include cloud computing businesses or data centers, who must be aware of how to wipe this information during decommissioning of the equipment.

According to the report, the information that was revealed during the analysis included,

  • Customer data – 22%
  • Data of Third-party connections to the network – 33%
  • Credentials for connecting to other networks as a trusted party – 44
  • Connection details for specific applications – 89%
  • Router-to-router authentication keys – 89%
  • IPsec or VPN credentials, or hashed root passwords – 100%
  • Data to identify the former owner/operator – 100%

The report also mentioned that it was hard for the researchers to contact the companies whose data had been exposed in the analysis.

Most of this data exposure is due to human error, which could lead to a potential data breach.

Equally concerning was the difficulty the team experienced during the disclosure process when attempting to contact the companies concerned, to disclose that our researchers were in possession of a device with the company’s sensitive network configuration data.” reads the report published by ESET.

ESET used 18 routers for testing and analytic purposes. The list of routers used for analysis by ESET researchers is given below

In these routers, accessible were several network configuration data were extracted by the ESET research team. The data is given in proportion to the data extracted.

Network Configuration Data Number Percentage
Complete Configuration Data available 9 56.25
Wiped Properly 5 31.25
Hardened 2 12.5
Dead (no recoverable data 1 N/A
Second Device in Mirror pair 1 N/A

Source: ESET

Companies that were identified during the analysis and details of their type of business and revenue are listed below.

Vertical Reach Employees Revenue (US$, M)
Light Manufacturing/supplier Direct data services, as well as managed MSP services for the region 5-50 5-25
Legal Nationwide (US) law firm 50-100 5-25
Creative Products/subassemblies integrated into larger companies’ products 100-500 25-100
Services multiple tiers one, household brand companies Multinational Technology Company 100-500 25-100
MSP Manages fintech companies 100-500 25-100
Open-source software Has over 100 million users, worldwide 100-500 500-1000
Events Operates trade shows and equipment rentals 1000-5000 25-100
Multinational Technology company Global data company 10000+ 1000+
Telecoms This was CPE (Customer Premises Equipment) for a transportation company 10000+ 1000+

Every organization needs to decommission any computing equipment and have a clean wiping procedure before making the computing equipment available to the resale market.

Network Security Checklist – Download Free E-Book

Also, Read

HiatusRAT Malware Attack Routers to Gain Remote Access & Download Files

Multiple Flaws in Cisco Small Business Routers Allow Remote Attackers to Execute Arbitrary Code

Russia Based Cyclops Blink Malware Targeting ASUS Routers Models

FritzFrog Botnet Targeting SSH server, Data Center Servers, and Routers

Source: gbhackers.com