> So he posed the question: What if all home routers get hacked and wiped in a mass attack against a country? People can't go out and buy new ones since they are just at risk and will probably just get hacked again. This puts a large amount of any countries technical infrastructure at risk.
That's just plain old FUD, nothing new under the sun!
I realize this is not a very constructive comment, but the fact of the matter is that some people in the information security business likes these types of extravagant displays of "this is the end of the world as we know it!"
Not many SOHO-routers have capabilities exposed to the outside world.
I mean, yes, it would be nice if the world was a safer place, but it's all about risk management, and risk is a factor of probability and cost, and the probability level here is very low.
> That's just plain old FUD, nothing new under the sun!
LOL. AVM, biggest german manufacturer of soho routers (Fritzbox) suffered from a RCE vulnerability; hackers pwned the boxes and made highly expensive premium calls.
There's no doubt that some particularly bad routers out there are vulnerable to RCE by default (usually because they have remote management enabled by default and have an authentication bypass issue or some other dumb flaw on the login page), but it's definitely FUD to speculate that someone can wipe "all the routers on the Internet".
Most routers are incredibly insecure, but a good portion of those vulnerabilities can only be triggered if you share a LAN with the router or have and can widely deploy a XSS/CSRF exploit.
That's just plain old FUD, nothing new under the sun!
I realize this is not a very constructive comment, but the fact of the matter is that some people in the information security business likes these types of extravagant displays of "this is the end of the world as we know it!"
Not many SOHO-routers have capabilities exposed to the outside world.
I mean, yes, it would be nice if the world was a safer place, but it's all about risk management, and risk is a factor of probability and cost, and the probability level here is very low.