
Ask Slashdot: Can Commercial Hardware Routers Be Trusted?

Posted by timothy
from the rot13-is-the-only-way dept.
First-time accepted submitter monkaru writes "Given reports that various vendors and encryption algorithms have been compromised, is it still possible to trust any commercial hardware routers or is 'roll your own' the only reasonable path going forward?" What do you do nowadays, if anything, to maintain your online privacy upstream of your own computer?
This discussion has been archived. No new comments can be posted.

  • by ModernGeek (601932) on Saturday December 21, 2013 @07:29PM (#45756795) Homepage
    You still have to rely on the trustworthiness of the NICs. Anything connected to the Internet cannot be trusted.
  • The Wrong Question (Score:5, Insightful)

    by agwadude (666995) on Saturday December 21, 2013 @07:37PM (#45756829)
    You shouldn't have to trust your upstream routers. Instead you should assume they're compromised and use end-to-end encryption. HTTPS and SSH, for example, specifically protect against active attackers such as malicious routers.
  • Re:No. (Score:5, Insightful)

    by sabri (584428) on Saturday December 21, 2013 @07:38PM (#45756841)

    actually the obvious answer is that trust is not a binary thing.

    Actually, the obvious answer is that you don't have a choice. No matter how much effort you put into it, you will always be depending on third-party hard- or software that you simply have to trust. So, you want to solder your own PCB? Sure, go ahead, but your Ralink SoC is still manufactured somewhere in China. Don't trust Cisco's IOS? Sure, write your own, and let me know how you designed and manufactured your own ASICs. And then we're not even discussing the fact that as soon as the packet leaves your router, it will enter one that you don't even own. Yes, there is a lot that you can do and I think the closest real answer to the poster's question is to just get an OpenWRT capable router and compile from scratch, but to not trust anyone is simply not an option.

  • Re:No. (Score:5, Insightful)

    by erroneus (253617) on Saturday December 21, 2013 @07:42PM (#45756855) Homepage

    I was going to say that.

    RSA compromised with money. Cisco compromised already documented. Juniper? I don't know but I wouldn't doubt it.

    NSA, you've turned the world against the US and all its businesses. Happy yet?

  • by SB9876 (723368) on Saturday December 21, 2013 @07:46PM (#45756873)

    Like RSA or Microsoft?

  • Re:X-Files (Score:3, Insightful)

    by davidwr (791652) on Saturday December 21, 2013 @08:01PM (#45756947) Homepage Journal

    Trust No One!

    And I should believe you why?

  • by BitZtream (692029) on Saturday December 21, 2013 @08:18PM (#45757035)

    If you're worried about a router and if you can trust it, you've already done it wrong.

    Your data should have been encrypted before it left the original application if it's something you care about.

    It shouldn't MATTER if you can trust the router, if it does, you've already failed.

  • Re:No. (Score:4, Insightful)

    by toejam13 (958243) on Saturday December 21, 2013 @08:18PM (#45757039)

    If you are really concerned about security, you might very well want to roll your own machine, and certainly should run a fresh, clean linux install off a CD every time you start up, to reduce the chances your machine is compromised.

    The next question is, what motherboard and network card firmwares can you trust? Running trusted code at the OS level and higher does reduce your risks, but until you can audit the code running your hardware, there is still a threat.

    Obviously, one can ask if most companies are a big enough fish to worry about this. Firmware hacks are fairly sophisticated, which makes me believe that they'd mostly be used to spearfish data from specific companies. So unless there is a hidden backdoor in every network card manufactured by Popular Company X, should we be worried?

  • Good question! (Score:2, Insightful)

    by mikeg22 (601691) on Saturday December 21, 2013 @08:26PM (#45757081)
    I have no answer. I wanted to comment that this is the most pertinent "Ask Slashdot" that I've seen in the last five years. I would guess any router whose firmware was open-sourced.
  • by FlyHelicopters (1540845) on Saturday December 21, 2013 @08:48PM (#45757209)

    I am pretty sure if they are interested enough they will get the data one way or another.

    This...

    Or has no one ever heard of rubber-hose cryptography?

    If all else fails, they can break in at night and steal the information locally, or simply put a gun to your head.

    When it comes to computer nerds, that last option probably has a 99.99% success rate.

  • Re:No. (Score:5, Insightful)

    by erroneus (253617) on Saturday December 21, 2013 @09:44PM (#45757445) Homepage

    It has been demonstrated that the intelligence agencies (plural) in the US government are the tail that wags the dog. This is historically true and more than likely true today as well. When you've got the dirt on many people, how tempting would it be to leverage that into getting your way? It's a temptation many could not avoid exploiting.

  • by RR (64484) on Saturday December 21, 2013 @11:59PM (#45757889)

    As far as I'm concerned, a hardware router...

    There is no such thing. A device that moves data from one location to another, using some policies to examine and transform it, is not just a "hardware" device. It's also software. And if it interfaces with software, then it can be compromised. Or haven't you noticed the news about D-Link routers? [slashdot.org] A lot of these routers have 2MB or less of flash, which makes it difficult to find a useful exploit, but "difficult" doesn't mean "impossible."

    It's pretty unlikely that anyone will come up with a useful attack on a device that's just doing port blocking, NAT, and basic routing. At worst, somebody might DOS it or turn it into a well-connected zombie to aid in DDOSing somebody's server, but neither of those is compromising your data.

    With just a little paranoia, I can imagine someone finding a way to get those routers to copy your traffic, or at least the headers, to some hostile entity. It doesn't take full knowledge of your traffic to destroy your privacy. [arstechnica.com]

    A router is a type of computer. It's subject to all the same concerns about trustworthiness as any debate about proprietary and free software.

  • Re:No. (Score:4, Insightful)

    by furbyhater (969847) on Sunday December 22, 2013 @06:09AM (#45758943)
    We aren't forced to use a 14nm process just because the industry giants are doing it.
