Hughesnet Community

Mirai Botnet

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
JCH1
New Member
‎08-10-2021 01:27 PM
‎08-10-2021 01:27 PM

Mirai Botnet

There are multiple articles published saying the Hughesnet router HT2000W is vulnerable to the Mirai Botnet security issue.  The articles recommend getting a patch from the device provider or ISP.  When will Hughesnet have a patch or an update for our routers?  How can we get it?

0 Kudos
1 ACCEPTED SOLUTION
Liz
Moderator
Moderator
‎08-17-2021 10:34 AM
‎08-17-2021 10:34 AM

Good morning folks,

 

Thanks for the discussion! Just wanted to let you know that Arcadyan is addressing this matter and we are in touch with them. You'll hear from us on further updates.

 

Your patience and understanding are much appreciated.

 

Thanks,

Liz

 

Edit:

 

In the meantime, wouldn't hurt to do an overall security check of your devices. Google periodically reminds me to review my security settings, would be good to apply the same to everything else. Here are some tips.

If you have a tech or billing question and need help, please start a new thread in the appropriate board. Unsolicited Private Messages may not get replies.

Slow performance? Click me!

View solution in original post

9 REPLIES 9
GabeU
Distinguished Professor IV
‎08-10-2021 02:08 PM
‎08-10-2021 02:08 PM

They're likely already looking into it.  

 

If/when they release a patch, it will be done automatically.  

chuckyofterror
New Poster
In response to GabeU
‎08-10-2021 02:16 PM
‎08-10-2021 02:16 PM

I am going to go out on a limb, and say that unless you have Static IP enabled on your account (Only SME accounts can do that, residential can't), then you should be OK for the time being, as no one can remotely access your terminals.  Those that do have an SME account with Static IP, could very well become impacted.

Hmm, not sure why I posted under this account... -C0RR0SIVE

Remy
Moderator
Moderator
In response to chuckyofterror
‎08-11-2021 11:12 AM
‎08-11-2021 11:12 AM

JCH1,

 

Thank you for reaching out, and welcome to the Community! We appreciate you letting us know about the article, and we've gone ahead and escalated it to the appropriate department. We'll let you know as soon as we have news to share about the issue, and we appreciate your patience!

 

Thanks,

Remy

MarkJFine
Professor
In response to chuckyofterror
‎08-11-2021 01:58 PM
‎08-11-2021 01:58 PM

For those that are curious about what it is and what it does this is pretty comrehensive: What is the Mirai Botnet? 

 

I suspect that hackers trying to deploy this incrementally scan IPs looking for IoT devices via /HNAP1 or /thinkphp or /TP/public/index.php signatures. Once a target is found, they attempt to use default passwords to get control of it.

As @chuckyofterror (er, @C0RR0SIVE) mentioned, they cannot even get to the HN2000W modem on standard residential networks because of the double-NAT that's in-place. That is not the case with Business accounts with static IPs, which are accessible from the outside.


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.
maratsade
Distinguished Professor IV
In response to GabeU
‎08-11-2021 07:51 AM
‎08-11-2021 07:51 AM

I hope a rep chimes in about this. 

 

@GabeU wrote:

They're likely already looking into it.  

 

If/when they release a patch, it will be done automatically.  

 

0 Kudos
Liz
Moderator
Moderator
‎08-17-2021 10:34 AM
‎08-17-2021 10:34 AM

Good morning folks,

 

Thanks for the discussion! Just wanted to let you know that Arcadyan is addressing this matter and we are in touch with them. You'll hear from us on further updates.

 

Your patience and understanding are much appreciated.

 

Thanks,

Liz

 

Edit:

 

In the meantime, wouldn't hurt to do an overall security check of your devices. Google periodically reminds me to review my security settings, would be good to apply the same to everything else. Here are some tips.

If you have a tech or billing question and need help, please start a new thread in the appropriate board. Unsolicited Private Messages may not get replies.

Slow performance? Click me!

Danny89
Junior
In response to Liz
‎08-18-2021 09:07 AM
‎08-18-2021 09:07 AM

Glad to hear they are working on it! 😄

One thing I have a question about, or to make a statement on, wouldnt any exploiters need to be physically close to our modem in order to hack it, at least for residential users? That should be a great comfort for us if so 😛 Im pretty sure I'd have to make a huge wifi dish to broadcast my signal to my nearest neighbors!

Obviously though, all security issues must be fixed since even if we are protected by the nature of geosynchronous satellite....some hacker could probably figure out how to exploit the exploit to exploit further exploits and start using our data to stream Amazon Prime at 9k USHD Mega and melt our modems down

0 Kudos
maratsade
Distinguished Professor IV
In response to Danny89
‎08-18-2021 10:25 AM
‎08-18-2021 10:25 AM

Mark has already explained this in this thread and elsewhere.  I would guess that if someone is sitting on your driveway and you have a very weak password or are using the passwords that came with the device, they would be able to get in. 

 

@Danny89 wrote:


One thing I have a question about, or to make a statement on, wouldnt any exploiters need to be physically close to our modem in order to hack it, at least for residential users? 

0 Kudos
MarkJFine
Professor
In response to maratsade
‎08-18-2021 04:34 PM
‎08-18-2021 04:34 PM

I was thinking at some point of coming up with every vulnerability probe I see and try to classify what they're trying to do, including those that don't even have a protocol associated with them and just throw control characters at the web server. It'd be a lot of work though.

 

Edit: Before I start getting someone with smart comments, yes, I know that the control characters thing is a form of SQL Injection...


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.
0 Kudos