April 20, 2023

ESET researchers have discovered that more than 50% of second-hand enterprise routers purchased for testing have not been wiped by their previous owners.

The routers, which included models by Cisco, Fortinet and Juniper Networks, contained confidential data, network information, and credentials that could easily be used to determine the previous owner. Among the data, were hashed root administrator passwords, VPN and secure network communication credentials, and router-to-router authentication keys. Moreover, eight of the routers contained data about connecting to other organizations’ networks, and two contained customer data.

Details on a corporation’s network operations and structure can be used for launching ransomware attacks, plotting espionage campaigns, and even identifying vulnerabilities in outdated software. ESET researchers say that the wealth of data on such devices would be highly valuable to cybercriminals and even state-backed hackers.

As in the ESET findings, Ford says that Red Balloon researchers have found passwords and other credentials and personally identifying information. Some data like usernames and configuration files are usually in plaintext and easily accessible, while passwords and configuration files are often protected because they are stored as scrambled cryptographic hashes. But Ford points out that even hashed data is still potentially at risk.

Since second-hand equipment is discounted, cybercriminals can purchase them and gain access to valuable information and network access. The researchers debated whether to release their findings or not, but they concluded that raising awareness about the issue is more important.

The sources for this piece include an article in ArsTechnica.