Used Routers Often Come Loaded With Corporate Secrets
WiredYou know that you're supposed to wipe your smartphone or laptop before you resell it or give it to your cousin. At the RSA security conference in San Francisco next week, though, researchers from the security firm ESET will present findings showing that more than half of secondhand enterprise routers they bought for testing had been left completely intact by their previous owners. All nine of the unprotected devices contained credentials for the organization's VPN, credentials for another secure network communication service, or hashed root administrator passwords. Eight of the nine unprotected devices included router-to-router authentication keys and information about how the router connected to specific applications used by the previous owner. Three contained information about how an entity could connect as a third party to the previous owner's network.