On Thursday, Wikileaks revealed a CIA spy tool codenamed "CherryBlossom". Wi-Fi devices from numerous manufacturers have been compromised by the injection of manipulated firmware.
According to the documents now published, CherryBlossom infects Wi-Fi routers and access points and is capable of passing on sensitive data and information, including passwords, to third parties.
LANCOM WLAN routers and access points are not affected by CherryBlossom. The tool is a Linux-based program that only runs on the corresponding devices. All LANCOM WLAN devices use the LANCOM closed-source operating system LCOS, and as a consequence the tool cannot be run on LANCOM devices.
More information about CherryBlossom and a list of affected manufacturers and models is available on the relevant Wikileaks page: https://wikileaks.org/vault7/#Cherry%20Blossom
Over the past few days the media has been reporting on an apparently worldwide attack on DSL routers via the TR-069 remote management port. One effect of this was that customers of Deutsche Telekom have suffered connection failures on a massive scale.
LANCOM routers were unaffected by these attacks. By default, our routers do not support the TR-069 remote management protocol. This is only used if customers explicitly request it. To the best of our knowledge, no impairments have been experienced here either.
Detailed information about the attack is available from infoworld.com.
Currently media reports are publicizing the threat from the glibc vulnerability in Linux networking software.
LANCOM routers are not affected by this security vulnerability as they do not use a Linux-based operating system. LANCOM routers exclusively use the closed-source operating system LCOS. The glibc library is not used in LANCOM routers and a proprietary process is used for DNS resolution. With LANCOM switches the glibc library is also not used.
Since the LANCOM Management Systems Large Scale Monitor (LSM) and Large Scale Rollout (LSR) are operated under Linux, LANCOM Systems recommends upgrading the glibc library of the underlying Linux system on these systems. Instructions are available in the following KnowledgeBase article.
In November 2015, the German news channel heise online published this article on the potential vulnerability of SSH and SSL keys (German only):
To sum it up, millions of IT products are potentially vulnerable to so-called "Man-in-the-Middle" attacks when being accessed via the management protocols SSH and SSL. An attacker who records the respective data traffic (configuration and access data) may thereby be able to decrypt the transmitted data. This is due to the industry-wide practice of using keys and certificates that are not individually assigned per device but are identical across product families. Such an attack is not trivial to conduct and depends on further conditions.
This is an industry-wide security issue that affects all renowned vendors, including LANCOM Systems.
LANCOM Systems offers free LCOS Security Updates that automatically create individual SSH and SSL keys for each device if such keys are not already active in the device.
According to present knowledge, this vulnerability has not been exploited for an attack so far. LANCOM Systems still assesses this threat as medium and recommends checking whether your products are potentially affected and implementing the described measures.
This KnowledgeBase article contains a list of all LANCOM devices with guidance for creating individual SSH and SSL keys.
The described measures will fix this vulnerability.
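As an added example (not LANCOM code and not part of the original advisory), the following sketch shows one way to verify that devices in an inventory no longer share an SSH host key after the update. It assumes the public host keys were collected in `ssh-keyscan` output format; the host names and key blobs are constructed for illustration, and only the SSH side of the issue is covered.

```python
import base64
import hashlib
from collections import defaultdict

def _blob(seed: bytes) -> str:
    # Builds a made-up key blob; these are NOT real device keys.
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + seed).decode()

# Constructed sample in ssh-keyscan format: "<host> <key-type> <base64 blob>".
SAMPLE_SCAN = "\n".join([
    "# ssh-keyscan output (constructed)",
    f"router-a.example ssh-rsa {_blob(b'family-wide-key')}",
    f"router-b.example ssh-rsa {_blob(b'family-wide-key')}",
    f"ap-c.example ssh-rsa {_blob(b'individual-key-c')}",
    f"ap-d.example ssh-rsa {_blob(b'family-wide-key')}",
    "broken-line-without-key",
])

def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def shared_host_keys(scan_text: str) -> dict:
    """Return {fingerprint: sorted hosts} for keys seen on more than one host."""
    hosts_by_key = defaultdict(set)
    for line in scan_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line: no key material to compare
        host, key_type, blob = fields[:3]
        try:
            fp = fingerprint(blob)
        except ValueError:
            continue  # blob is not valid base64
        hosts_by_key[(key_type, fp)].add(host)
    return {fp: sorted(hosts)
            for (_, fp), hosts in hosts_by_key.items() if len(hosts) > 1}

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{fp} is shared by: {', '.join(hosts)}")
```

Any fingerprint this reports identifies devices that still need individual keys generated; an empty result means every scanned host presented a distinct key.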