Buying a “Used” Router












28


I am buying a "new" router from an open-box sale at a company that liquidates eCommerce returns. I plan to use it for a home network at a cottage.



I'm a bit nervous that it could have been modified by whoever had it last.




  1. What are the main risks in this scenario?

  2. What specific steps should one take before and during setup of a new router that someone else may have had access to in the past?







router






asked 14 hours ago









GWR













  • Do you really need to do this to begin with? If a router is sufficiently expensive that it makes sense to buy a used one rather than a new one, it's probably full of junk you don't want or need. Is this for a home or small office wifi router? Or something for major network infrastructure?

    – R..
    4 hours ago



















4 Answers


















6














By far, your main risk in buying an "open box" router is that the router has some subtle damage that the manufacturer didn't detect but that will ultimately reduce the lifespan of the device. That's one reason why they often have reduced warranties.



Security-wise, the risk is negligible if you do a factory reset and re-flash the firmware. That should re-write everything in programmable memory and erase anything malicious that a previous user might have loaded. In fact, this is a best practice even for new routers. I've bought new routers multiple times only to learn that they were still programmed for what was clearly a test network at the factory.



Persistent malware is a real thing, but it's not something to worry too much about. After all, a "brand new" router could have had persistent malware loaded at the factory, so this isn't a risk you can completely mitigate.






bta is a new contributor to this site.




























    3














    Technically there is a risk that the previous owner has installed custom modified firmware with a backdoor.



    It is unlikely that the average person has installed custom firmware. Most people don't care about their routers and rarely update them, let alone upgrade them with custom firmware. If custom firmware was installed, it is most likely something benign like DD-WRT, OpenWRT or similar.



    And even if they did install custom firmware, it is easily erased with a factory reset or by installing custom firmware of your own. Download the newest firmware package from the manufacturer and flash it to the router before plugging the router into either the internet or your local network.





    I am splitting this answer because this second case does not apply to the overwhelming majority of people.



    Unless you are a UN Peacekeeper, Top Secret Government Agent, Elite Hacker under investigation, CEO of a major corporation, or otherwise have important information or many well-funded enemies, stop reading now.



    It is technically possible, but incredibly unlikely, that there is a threat on that router that a factory reset/reflash will not remove. This is incredibly unlikely unless you are a high-value target. The overwhelming majority of people should not be concerned about this case.



    If someone wants to target you, there are many better and cheaper ways to target you than discovering a new vulnerability in that router or building a fake router to trick you.



    If you are worried about this incredibly unlikely scenario, then your safest bet is to buy new hardware directly from the factory.

























    • 1





      FYI, after reading your answer, my takeaway is that ThoriumBR said the same thing more concisely two hours before you (and you also use bold/italics a lot: if almost every paragraph has highlighting, and it's just one or a few words so you need to read the context around it, then nothing is highlighted).

      – Luc
      9 hours ago
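
The step in the answer above, downloading the newest firmware package and flashing it before the router is connected to anything, depends on the downloaded file being the one the publisher released. The following is an added example, not part of the original answers: it checks an image against a checksum manifest in the format `sha256sum` writes (`<hex digest> *<filename>` per line), and the file names and image bytes in it are constructed for the demonstration.

```python
"""Check a downloaded firmware image against a published SHA-256 manifest
before flashing it. Added example; file names and bytes are constructed."""
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# One manifest line as written by `sha256sum`: 64 hex characters, a space,
# then ' ' (text mode) or '*' (binary mode), then the file name.
_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")


def parse_manifest(text):
    """Return {filename: digest}. Malformed lines and conflicting
    duplicate entries raise ValueError instead of being skipped."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        match = _LINE.match(line)
        if match is None:
            raise ValueError(f"manifest line {lineno} is malformed")
        digest, name = match.group(1).lower(), match.group(2)
        if entries.get(name, digest) != digest:
            raise ValueError(f"conflicting digests for {name!r}")
        entries[name] = digest
    return entries


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large images do not need to fit in memory."""
    hasher = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            hasher.update(block)
    return hasher.hexdigest()


def verify_image(image_path, manifest_text):
    """Return (ok, reason). ok is True only when the image is listed in the
    manifest and its SHA-256 digest equals the listed one."""
    image_path = Path(image_path)
    expected = parse_manifest(manifest_text).get(image_path.name)
    if expected is None:
        return False, "image is not listed in the manifest"
    if image_path.stat().st_size == 0:
        return False, "image file is empty"
    actual = sha256_file(image_path)
    if not hmac.compare_digest(actual, expected):
        return False, f"digest mismatch, got {actual}"
    return True, "digest matches the manifest"


def demo():
    """Run three constructed cases: an intact image, the same image with one
    byte changed, and a file the manifest does not list."""
    image = b"CONSTRUCTED FIRMWARE IMAGE\n" * 4096   # stand-in for a real image
    name = "example-router-factory.bin"               # hypothetical file name
    manifest = f"{hashlib.sha256(image).hexdigest()} *{name}\n"
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / name
        path.write_bytes(image)
        results["intact"] = verify_image(path, manifest)[0]
        path.write_bytes(image[:-1] + b"X")           # single-byte change
        results["modified"] = verify_image(path, manifest)[0]
        other = Path(tmp) / "unlisted.bin"
        other.write_bytes(image)
        results["unlisted"] = verify_image(other, manifest)[0]
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'OK to flash' if ok else 'DO NOT FLASH'}")
```

Obtain the manifest over HTTPS from a computer that is not connected through the router being checked. A matching digest shows the file is the published one; it does not show what firmware is running on the device afterwards.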











    46







    Short answer: do a factory reset, update the firmware, and you are good to go.



    The risk is very low, bordering on zero. The previous owner may have installed a custom firmware or changed its configuration, but a firmware upgrade and factory reset is enough to take care of almost every change.



    The risk that the previous owner tampered with the router and his changes can survive even a firmware upgrade and factory reset is negligible.



    So, don't worry, unless you are a person of special interest: working on top-secret stuff or have privileged financial information on a big enterprise. But as you are buying a used router, I bet you are a common guy and would not be a target for those attacks.






    edited 10 hours ago

























    answered 13 hours ago









    ThoriumBR








    • 2





      Wouldn't most people on stackoverflow/serverfault be persons of interest? They make software that gets deployed in lots of places, or manage systems for corporations. Even so, I agree with your answer in that "the risk is very low, bordering on zero", but the "person of special interest" category is broader than people often realize. Intelligence agencies are known to target sysadmins in particular. As a security consultant who knows of vulnerabilities before they are fixed, I can imagine what interest I might attract, and boy do I feel ordinary compared to the interesting people on this site.

      – Luc
      10 hours ago






    • 17





      The Evil Organization would have to predict when I am going to buy a router, predict which make/model I will buy, where I will buy, go there before, buy all the routers on the place, put a backdoor on each one, return every one, and wait for me to buy the compromised router. I don't think it is plausible...

      – ThoriumBR
      10 hours ago






    • 4





      Possible, yes, but so improbable that it can be dismissed. It's orders of magnitude easier to just exploit a zero-day on the router I currently have...

      – ThoriumBR
      10 hours ago






    • 1





      @ThoriumBR You are right. I didn't think through how much work it would be: even if we are generally interesting targets, this doesn't scale.

      – Luc
      10 hours ago








    • 7





      Trust me, you're not that interesting.

      – hft
      8 hours ago














    8







    The main risk is that the firmware has been replaced by a malicious version, which could make it possible to intercept all the traffic on your network. Passwords, injecting malware, redirecting you to malicious sites, etc. That's a worst-case scenario but easy for someone to do.



    You want to factory reset the device to try to clear out anything that the previous owner may have set up in the factory firmware.



    But more importantly, you want to see if the firmware has been changed by looking to see if the case has been opened or tampered with and to see if the operating system of the router has changed. But that might not be enough. It is easy to simulate the OS and website on a router.



    Something that you could do is to replace the firmware with one of your own. That should wipe out any malicious firmware on the device. There is open-source after-market firmware you can use.






    answered 14 hours ago









    schroeder








    • 1





      What about downloading a new firmware from the router's support site (rather than openWRT)?

      – dandavis
      13 hours ago






    • 3





      If there is one available from the router's manufacturer, it should be the preferred one!

      – CyberDude
      13 hours ago






    • 1





      Sure, if available.

      – schroeder
      13 hours ago






















    6














    By far, your main risk in buying an "open box" router is that the router has some subtle damage that the manufacturer didn't detect but that will ultimately reduce the lifespan of the device. That's one reason why they often have reduced warranties.



    Security-wise, the risk is negligible if you do a factory reset and re-flash the firmware. That should re-write everything in programmable memory and erase anything malicious that a previous user might have loaded. In fact, this is a best practice even for new routers. I've bought new routers multiple times only to learn that they were still programmed for what was clearly a test network at the factory.



    Persistent malware is a real thing, but it's not something to worry too much about. After all, a "brand new" router could have had persistent malware loaded at the factory, so this isn't a risk you can completely mitigate.















        answered 11 hours ago









        bta



























            3














            Technically there is a risk that the previous owner has installed custom modified firmware with a backdoor.



            It is unlikely that the average person has installed custom firmware. Most people don't care about their routers and rarely update them, let alone upgrade them with custom firmware. IF custom firmware was installed it is most likely something benign like DD-WRT, OpenWRT or similar.



            And even if they did install custom firmware, it is easily erased with a factory reset or by installing custom firmware of your own. Download the newest firmware package from the manufacturer and flash to the router before plugging the router into either the internet or your local network.





            I am splitting this answer because this second case does not apply to the overwhelming majority of people.



            Unless you are a UN Peacekeeper, Top Secret Government Agent, Elite Hacker under investigation, CEO of a major corporation, or otherwise have important information or many well-funded enemies, stop reading now.



            It is technically possible, but incredibly unlikely, that there is a threat on that router that a factory reset/reflash will not remove. This is incredibly unlikely unless you are a high value target. The overwhelming majority of people should not be concerned about this case.



            If someone wants to target you, there are many better and cheaper ways to target you than discovering a new vulnerability in that router or building a fake router to trick you.



            If you are worried about this incredibly unlikely scenario, then your safest bet is to buy new hardware directly from the factory.
















            answered 11 hours ago









            Vidia








            • 1





              FYI, after reading your answer, my takeaway is that ThoriumBR said the same thing more concisely two hours before you (and you also use bold/italics a lot: if almost every paragraph has highlighting, and it's just one or a few words so you need to read the context around it, then nothing is highlighted).

              – Luc
              9 hours ago
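
A check that fits before the re-flash step the answers above recommend, added here as an illustration and not taken from any of the answers: confirm that the downloaded firmware image matches a SHA-256 list published alongside it. It assumes such a list exists for the image; `verify_firmware`, `sha256_of` and the file names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded firmware image against a published
# SHA-256 list before flashing. Assumes file names without spaces.

# Print the SHA-256 hex digest of a file, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_firmware IMAGE SUMS_FILE
# SUMS_FILE uses the common "<digest>  <name>" or "<digest> *<name>" layout.
# Returns 0 = digest matches, 1 = mismatch, 2 = cannot decide (missing file,
# image not listed, conflicting entries, or a malformed digest).
verify_firmware() {
    image=$1
    sums=$2
    [ -f "$image" ] && [ -f "$sums" ] || { echo "missing input file" >&2; return 2; }

    name=$(basename "$image")
    # Collect every distinct digest listed for exactly this file name.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1) }
    ' "$sums" | sort -u)

    [ -n "$expected" ] || { echo "$name is not listed in $sums" >&2; return 2; }
    if [ "$(printf '%s\n' "$expected" | wc -l | tr -d ' ')" -ne 1 ]; then
        echo "$name has conflicting entries in $sums" >&2
        return 2
    fi
    # Accept only a 64-character lowercase hex digest.
    case $expected in
        *[!0-9a-f]*) echo "malformed digest for $name" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest for $name" >&2; return 2; }

    actual=$(sha256_of "$image")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches the published digest"
        return 0
    fi
    echo "MISMATCH: $name" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Stand-alone use: sh verify.sh IMAGE SUMS_FILE
if [ "$#" -eq 2 ]; then
    verify_firmware "$1" "$2"
fi
```

A matching digest only shows that the download is the file that was published; it says nothing about what the router is currently running.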













