“Company Secrets and techniques Discovered on Used Routers – Watch out for Shopping for Secondhand”

aquatarkus/Getty Photos

In case you’re going to promote or give away your smartphone or laptop computer, it’s important to erase any private knowledge first. The identical applies to companies and establishments, who should delete data from PCs, servers, and community tools. Nonetheless, a presentation on the RSA safety convention in San Francisco subsequent week will reveal that over half of the enterprise routers analyzed by ESET researchers contained their earlier proprietor’s knowledge. The researchers purchased 18 used routers from Cisco, Fortinet, and Juniper Networks, and simply 5 had been appropriately wiped. 9 had been absolutely accessible, together with credentials for VPN and different safe community communication providers, hashed root administrator passwords, and figuring out knowledge. Cameron Camp, the ESET safety researcher who carried out the mission, emphasised that possessing this data made it simple to impersonate the organizations.


Eight of the unprotected routers contained router-to-router authentication keys and knowledge on connecting to particular purposes. 4 uncovered third-party community credentials, figuring out knowledge, and knowledge on the way to join as a 3rd occasion. Two contained buyer knowledge. The entire routers offered sufficient figuring out knowledge to find out their earlier proprietor or operator.

“A core router touches every little thing within the group, so I do know all concerning the purposes and the character of the group—it makes it very, very simple to impersonate the group,” says Cameron Camp of ESET.