1

I have a router (TP Link Archer C2) that I would like to pass on to a friend or give to a thriftstore. However, I noticed some logs via the admin tools. The router apparently logged some requests and associated IP adresses for debugging. Logging was turned on by default, and this got me thinking that you might want to scrub stuff like that.

So, what is the minimum checklist for safely reseting a router? Will a factory reset generally suffice to permanently scrub it from old data, like passwords and logs?

Ie. could a malicious party getting hold of a factory reset router read old data, similar to trawling a hard drive for information that was not securely erased?

Conor Mancone
  • 29,899
  • 13
  • 91
  • 96
hexamon
  • 273
  • 1
  • 2
  • 7
  • Since you are throwing it away, why not do some percussive erasure and hit it repeatedly with a hammer? –  Jan 24 '20 at 12:35
  • @MechMK1 You're right, if I'm throwing it away I can just nuke it from orbit I guess. I'll update my question for the hypothetical situation of giving the router away to someone. – hexamon Jan 24 '20 at 12:37
  • Please see [how to factory reset your router](https://www.tp-link.com/us/support/faq/497/) at TP Link support. – Steffen Ullrich Jan 24 '20 at 13:12
  • @SteffenUllrich Sure, but my question is whether a factory reset will securely and permanently erase previous data. I will edit the question to underline this. – hexamon Jan 24 '20 at 13:28
  • 1
    I've updated your title to match your new question focus. Feel free to change it if you don't like my edit. – Conor Mancone Jan 24 '20 at 13:34
  • There is no generic answer of what a factory reset will do with all routers. Please contact vendor support of what the intended behavior of your specific model is. Note that the intended behavior might still be different from the actual behavior due to bugs in the firmware. – Steffen Ullrich Jan 24 '20 at 13:39
  • Fair enough. I guess it's hard to narrow down the focus. I'm asking mostly out of curiosity, to see if there were any examples or experiences where this "attack" had been tried. Feel free to close the question if it is too broad/vague. – hexamon Jan 24 '20 at 13:41
  • @SteffenUllrich Sorry, I deleted my comment because I decided there was enough useful information to make an actual answer. – Conor Mancone Jan 24 '20 at 13:44

1 Answers1

2

This is not the "slam dunk" answer you're hoping for. Someone else might come along later and provide a better answer, but I figured I still had some helpful things to add.

The reality is that the intended way to completely wipe a router is by using the factory reset. Your question basically boils down to, "Yes, but does the factory reset actually wipe everything???". Unfortunately answering that question requires an expert on this particular router, or information directly from the manufacturer. Neither of those things are likely to happen.

Fortunately it doesn't really matter, because realistically whoever ends up with your router is not going to be an expert on electronics to the extent that they will open the router, dump all memory in the device, and attempt to reconstruct old logs. This is the sort of attack that you would have to worry about if you were developing nuclear weapons, but that is unlikely to be the case for you and I, so I wouldn't worry about things like that. As a result I'd suggest something simple:

  1. Factory reset the router
  2. Login to the admin portal and see if you can find any residual logs or other data from its past life.
  3. If not, give it away without worry
  4. If so (and you are uncomfortable giving away that information), then perform a rapid unscheduled disassembly.
Conor Mancone
  • 29,899
  • 13
  • 91
  • 96