This just released malware targets routers. What make/model routers does FiOS use and has Verizon completed patching? What do customers need to do to verify their systems are protected?
Verizon uses several different models.
All by ActionTec.
Would need to see if this vulnerability affects them.
Current list of affected routers. No ActionTec routers yet.
Affected Systems
Linksys Devices: E1200, E2500, WRVS4400N
Mikrotik RouterOS Versions for Cloud Core Routers: 1016, 1036, 1072
Netgear Devices: DGN2200, R6400, R7000, R8000, WNR1000, WNR2000
QNAP Devices: TS251, TS439 Pro, Other QNAP NAS devices running QTS software
TP-Link Devices: R600VPN
@CRobGauth wrote: Verizon uses several different models. All by ActionTec. Would need to see if this vulnerability affects them.
No, Verizon’s Quantum Gateway G1100 is made by Greenwave Technology
not Actiontec.
D-Link DIR-825, ActionTec MI424WR Rev. A - I (minus H), and Greenwave G1100 are the routers Verizon has provided with FiOS.
Is there a VPNFilter malware patch available for the G1100 router? Where does one download it?
Thanks!
meng1131
@meng1131 wrote: Is there a VPNFilter malware patch available for the G1100 router? Where does one download it? Thanks! meng1131
Unfortunately, Verizon sends out updates and/or patches when received from Greenwave Technologies; there are no sites for you to download them as a standalone.
Thanks Doug! That's a relief! We also use ActionTec G1100 Gateway.
@Linhow01 wrote: Thanks Doug! That's a relief! We also use ActionTec G1100 Gateway.
There is no such router. This is the second poster with incorrect information.
The Fios Quantum Gateway Router G1100 is not an Actiontec router.
The Fios Quantum Gateway Router is made by Greenwave Technology, not Actiontec.
And Doug was the original poster.
The only legible identification on my router is "Fios Quantum Gateway". When I check the instruction manual, it says Verizon automatically handles all firmware updates, and there is no way for users to update. We need information from Verizon to clarify this.
@jhecht wrote: The only legible identification on my router is "Fios Quantum Gateway". When I check the instruction manual, it says Verizon automatically handles all firmware updates, and there is no way for users to update. We need information from Verizon to clarify this.
Good luck. Greenwave makes the routers and does the firmware for Verizon.
Verizon Fios sends out updates when they feel the need.
You don’t need clarification from a customer helping customer forum.
1-800-VERIZON call them and see what they say. Choose tech support.
Is the FiOS Gateway router susceptible to this issue?
Cybersecurity researchers have identified that foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide [1] [2]. The actors used VPNFilter malware to target small office/home office (SOHO) routers. VPNFilter malware uses modular functionality to collect intelligence, exploit local area network (LAN) devices, and block actor-configurable network traffic. Specific characteristics of VPNFilter have only been observed in the BlackEnergy malware, specifically BlackEnergy versions 2 and 3.
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) recommend that owners of SOHO routers power cycle (reboot) SOHO routers and networked devices to temporarily disrupt the malware.
DHS and FBI encourage SOHO router owners to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at www.fbi.gov/contact-us/field. CyWatch can be contacted by phone at 855-292-3937 or by email at CyWatch@fbi.gov. Each submitted report should include as much information as possible, specifically the date, time, location, type of activity, number of people, the type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.
The size and scope of this infrastructure impacted by VPNFilter malware is significant. The persistent VPNFilter malware linked to this infrastructure targets a variety of SOHO routers and network-attached storage devices. The initial exploit vector for this malware is currently unknown.
The malware uses a modular functionality on SOHO routers to collect intelligence, exploit LAN devices, and block actor-configurable network traffic. The malware can render a device inoperable, and has destructive functionality across routers, network-attached storage devices, and central processing unit (CPU) architectures running embedded Linux. The command and control mechanism implemented by the malware uses a combination of secure sockets layer (SSL) with client-side certificates for authentication and TOR protocols, complicating network traffic detection and analysis.
Negative consequences of VPNFilter malware infection include:
DHS and FBI recommend that all SOHO router owners power cycle (reboot) their devices to temporarily disrupt the malware.
Network device management interfaces—such as Telnet, SSH, Winbox, and HTTP—should be turned off for wide-area network (WAN) interfaces, and, when enabled, secured with strong passwords and encryption. Network devices should be upgraded to the latest available versions of firmware, which often contain patches for vulnerabilities.
Rebooting affected devices will cause non-persistent portions of the malware to be removed from the system. Network defenders should ensure that first-stage malware is removed from the devices, and appropriate network-level blocking is in place prior to rebooting affected devices. This will ensure that second stage malware is not downloaded again after reboot.
While the paths at each stage of the malware can vary across device platforms, processes running with the name "vpnfilter" are almost certainly instances of the second stage malware. Terminating these processes and removing associated processes and persistent files that execute the second stage malware would likely remove this malware from targeted devices.
I didn't see that Actiontec routers are subject to the malware virus.
Anyhow, can someone at Verizon confirm?
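The two checks described in the advisory quoted in the post above (processes named "vpnfilter", and management services such as Telnet, SSH, Winbox and HTTP listening beyond the LAN), as an added example that is not part of the original thread or of the advisory. It assumes process listings in `ps -eo pid=,args=` form and listener tables in `netstat -tln` form; the function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example; all sample data is constructed for illustration.

# Print PIDs whose executable basename is exactly "vpnfilter".
# Input: "PID COMMAND [ARGS...]" lines (assumed: `ps -eo pid=,args=`).
find_vpnfilter_pids() {
    awk 'NF >= 2 {
        exe = $2
        sub(/^.*\//, "", exe)   # drop the directory: paths vary by platform
        if (exe == "vpnfilter") print $1
    }'
}

# Print "service address" for Telnet/SSH/Winbox/HTTP listeners that are not
# bound to loopback or to the LAN address passed as $1 (candidates for
# review; a firewall may still block them on the WAN side).
# Input: `netstat -tln` style lines.
find_exposed_mgmt() {
    awk -v lan="$1" '
        BEGIN { svc[23]="telnet"; svc[22]="ssh"; svc[8291]="winbox"; svc[80]="http" }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, ":")
            port = part[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in svc)) next
            if (host == "127.0.0.1" || host == "::1" || host == lan) next
            print svc[port], $4
        }'
}

# Constructed process listing: two matches, one look-alike (grep).
SAMPLE_PS='    1 /sbin/init
  412 /tmp/constructed/vpnfilter
  433 vpnfilter -d
  500 grep vpnfilter
  612 /usr/sbin/httpd -p 80'

# Constructed listener table for a router whose LAN address is 192.168.1.1.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:23        0.0.0.0:*         LISTEN
tcp        0      0 192.168.1.1:80    0.0.0.0:*         LISTEN
tcp        0      0 127.0.0.1:22      0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:8291      0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:53        0.0.0.0:*         LISTEN'

printf '%s\n' "$SAMPLE_PS" | find_vpnfilter_pids
printf '%s\n' "$SAMPLE_NETSTAT" | find_exposed_mgmt 192.168.1.1
```

Matching on the executable's basename rather than grepping the whole line keeps the `grep vpnfilter` look-alike out of the results while still catching the binary under any install path.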
This is a peer to peer support forum.
Won't see a response from Verizon here.
If you have an actiontec, you could try reaching out to them.
I was on the ActionTec support site and they say all updates for Verizon's routers will be handled by Verizon. ActionTec won't supply them.
@FamilyCTO wrote: I was on the ActionTec support site and they say all updates for Verizon's routers will be handled by Verizon. ActionTec won't supply them.
This is something I have repeated over and over on this forum.
Actiontec and Greenwave supply the updates to Verizon. Verizon sends them out if they desire or deem it necessary.
This is also the way Verizon Wireless did updates. When they were good and ready.
You can see they are doing the same on Fios. You want faster and better updates, buy a better router like an Asus or Netgear etc.
I just asked tech support, but I think I was only dealing with first level. He told me that firmware is automatically downloaded, but couldn't tell me if any already has. He said there was nothing I could do on my end--it is automatic. I'm surprised there has been no public announcement to Verizon customers. So I don't know how concerned I should be.
The FBI recently issued a security notice warning that all home and small office routers should be rebooted after Cisco’s Talos group discovered sophisticated Russian-linked “VPNFilter” malware infecting at least 500,000 networking devices.
They also suggested a factory reset of the router and loading new firmware. Does Verizon FIOS have any guidelines on how to do that on the various routers they provide with their service? I have a router supplied to support the Quantum service.
@gailq wrote: The FBI recently issued a security notice warning that all home and small office routers should be rebooted after Cisco’s Talos group discovered sophisticated Russian-linked “VPNFilter” malware infecting at least 500,000 networking devices. They also suggested a factory reset of the router and loading new firmware. Does Verizon FIOS have any guidelines on how to do that on the various routers they provide with their service? I have a router supplied to support the Quantum service.
Simply unplug it and plug it back in to refresh it. To factory reset take a pen or paperclip and insert in reset hole on back of router.
Firmware updates cannot be done via customers on Verizon routers. Only Verizon can do that.
A person in our IT security department at work has Quantum router.
He agreed with me that there haven't been any reports that the Greenwave router was compromised.
Fortunately, at the bottom of this site where routers vulnerable to the VPNFilter malware are listed, Actiontec routers do not appear.
https://blog.talosintelligence.com/2018/05/VPNFilter.html
That said, I am familiar with the basics of accessing and changing settings on my Actiontec MI424WR Rev I GigE, but at the same time I realize that a little knowledge is a dangerous thing and understand that I could really foul things up if I toyed with the wrong settings.
Would anyone be willing and able to offer suggestions on settings I might change on this particular router in order to better enhance my security?
Many thanks.
Hi,
I reset my Quantum Gateway router with the red button on the back, made sure auto refresh was turned on and changed the original issued PW to a new one. Should I power cycle it just to be safe? Will the PW change prevent the firmware updates that Verizon pushes out to their routers since Verizon does not know the PW now??
Thanks.
Susan
Are the Verizon routers / set top boxes susceptible to VPNFilter malware?
@dfranzo wrote: Are the Verizon routers / set top boxes susceptible to VPNFilter malware?
No, someone here in another thread had a list and neither the Fios Quantum Gateway Router nor the Actiontec is listed.
I'm not so sure that list was definitive...it'll probably grow. Or someone will fork the malware into something that can exploit VZ routers.
Updated 6/6/18
https://arstechnica.com/information-technology/2018/06/vpnfilter-malware-infecting-50000-devices-is-worse-than-we-thought/
Asus Devices: RT-AC66U (new), RT-N10 (new), RT-N10E (new), RT-N10U (new), RT-N56U (new), RT-N66U (new)
D-Link Devices: DES-1210-08P (new), DIR-300 (new), DIR-300A (new), DSR-250N (new), DSR-500N (new), DSR-1000 (new), DSR-1000N (new)
Huawei Devices: HG8245 (new)
Linksys Devices: E1200, E2500, E3000 (new), E3200 (new), E4200 (new), RV082 (new), WRVS4400N
Mikrotik Devices: CCR1009 (new), CCR1016, CCR1036, CCR1072, CRS109 (new), CRS112 (new), CRS125 (new), RB411 (new), RB450 (new), RB750 (new), RB911 (new), RB921 (new), RB941 (new), RB951 (new), RB952 (new), RB960 (new), RB962 (new), RB1100 (new), RB1200 (new), RB2011 (new), RB3011 (new), RB Groove (new), RB Omnitik (new), STX5 (new)
Netgear Devices: DG834 (new), DGN1000 (new), DGN2200, DGN3500 (new), FVS318N (new), MBRN3000 (new), R6400, R7000, R8000, WNR1000, WNR2000, WNR2200 (new), WNR4000 (new), WNDR3700 (new), WNDR4000 (new), WNDR4300 (new), WNDR4300-TN (new), UTM50 (new)
QNAP Devices: TS251, TS439 Pro, Other QNAP NAS devices running QTS software
TP-Link Devices: R600VPN, TL-WR741ND (new), TL-WR841N (new)
Ubiquiti Devices: NSM2 (new), PBE M5 (new)
Upvel Devices: Unknown Models* (new)
ZTE Devices: ZXHN H108N (new)
Break--Break....
Why isn't VERIZON itself not putting out more official information & guidance on this??
Seems like a pretty big deal, and this service provider is not exactly cheap.
@Shanovan wrote: Break--Break.... Why isn't VERIZON itself not putting out more official information & guidance on this?? Seems like a pretty big deal, and this service provider is not exactly cheap.
Because it is not something affecting their routers or network.
Why alarm folks over nothing?
Note that as of June 1, VZ has put out a rather vague VPNFilter advisory with a blanket recommendation to reboot, in broad context of "the various routers we provide." It neglects to say when or how often.
https://www.verizon.com/support/residential/announcements/important-information
Given the way VPNFilter is moving, I'd like to see much more from VZ, to the effect that they are actively monitoring and ensuring their device OEMs are working to keep their firmware ahead of the threat, including specific dates on which each VZ router brand-name has been remotely updated, if that is the case. Rebooting prior to such a date won't help much.
This appears to be a hostile nation-state attack, and it may only be a matter of time until they move across the less common devices.
https://blog.talosintelligence.com/2018/06/vpnfilter-update.html
I agree and am concerned with relative silence from Verizon on this VPNFilter malware and other security issues, which I hear about nearly every day in other forums. Internet security and communication with customers should be high priority and I have received nothing from Verizon about this. I would rather be proactive than try to clean up a mess.
Dear Good People of this Verizon Customers' Community (which I just joined):
Aren't we all concerned about the FBI's warning that malware is infecting many American routers?! Are we following their advice to reboot our routers and update the firmware and strengthen our usernames and passwords? Here's an article from The New York Times:
https://www.nytimes.com/2018/05/27/technology/router-fbi-reboot-malware.html
Here's a follow-up story:
https://www.nytimes.com/2018/06/13/technology/personaltech/wi-fi-router-security.html
And here's advice from the follow-up:
■ If you use a router provided by a broadband provider like Comcast or Verizon, call the customer service department and ask whether your equipment has been updated with the latest firmware.
I've not called Verizon; I'm waiting for them to come to us. Verizon, are you reading this posting? Please acknowledge the threat and inform us fully of how you're dealing with it and tell us what steps we little guys need to do to stay safe on the Internet.
Ramsey NJ
Personally no I am not too concerned.
Spreading gloom and doom helps no one.
If the Verizon routers need updates, don’t you think Verizon would have pushed out an update? What purpose would it serve to leave the routers vulnerable when it would cause more harm to their bottom line? Customers equal MONEY and Verizon does not like to lose money.
Until Verizon states there are issues with their routers or network, these doom posts just make individuals worried for no good reason.
More important things to worry about. Like world peace or healthcare or lowering the prices of prescription drugs. A router is not that major a concern.