I am using an ISP provided router in bridge mode with my own router.
- Where is the risk of getting hacked?
- Can my ISP provided router in bridge mode (=modem) be hacked?
- Can it get firmware updates when in bridge mode?
Asked
Active
Viewed 279 times
1
Sir Muffington
- 1,447
- 2
- 9
- 22
-
Even if your ISP-provided router is not hacked, the next router upstream could be hacked, and that leaves you in the same boat. So, why not simply operate under the assumption that you can't trust the router (or the network in general), and proceed accordingly, i.e. always connect to remote hosts using secure protocols that ensure secrecy, integrity, and authenticity; and run a firewall on your own router that blocks incoming connections from the WAN, etc. – mti2935 Mar 03 '22 at 19:24
-
1But is it in theory possible to hack the router, which practically acts as a modem? No, right? Because it's the only device I don't trust – Sir Muffington Mar 03 '22 at 19:32
-
Even in bridged mode, it is still possible to manage the router either through the LAN facing admin interface, or possibly through the WAN facing interface (if enabled). Additionally the ISP is presumably able to manage the router, even when it is in bridged mode. Also, if the router gets updates, then this is another attack vector. So, it seems that there are at least a few attack vectors. – mti2935 Mar 03 '22 at 21:15
1 Answers
2
It depends on the router. In case of cable routers some run two operating systems on different CPUs. One for the WAN/modem/cable connection like eCos RTOS and one Linux system for the LAN side. On the WAN side there can be an additional network the ISP has access to which you can't see from the LAN. Also a DSL modem still runs some Linux but afaik has no additional network service running on the WAN side. It is similar to a real network bridge.
There are usually several other routers from the ISP in your path to the final IP. So you already trust the provider a lot. Your home router could in theory offer some more ways to attack client devices like Wifi, USB or additional applications running on it. Encrypting traffic or using a VPN on your PC/smart phone can protect against a malicious router.
minimumautism
- 76
- 2