"Used Routers Often Come Loaded With Corporate Secrets"

Researchers from the security company ESET discovered that over half of the secondhand enterprise routers they purchased for testing were overflowing with network information, credentials, and sensitive data about the institutions that previously owned them. The researchers purchased 18 used routers from Cisco, Fortinet, and Juniper Networks. Nine were exactly as their previous owners had left them and were completely accessible, whereas only five had been thoroughly wiped. Two were encrypted, one was inoperable, and one was a copy of another device. The nine unprotected devices all contained Virtual Private Network (VPN) credentials, credentials for another secure network communication service, or hashed root administrator passwords. In addition, all of them contained sufficient information to identify the previous owner or operator of the router. Eight of the nine unprotected devices had router-to-router authentication keys and details regarding how the router connected to specific applications used by the previous owner. Four devices exposed credentials for connecting to the networks of other entities, such as trusted partners, collaborators, and more. Three contained information on how a third party could connect to the network of the previous owner, and two contained customer information. This article continues to discuss the exposure of corporate secrets by old discarded routers.

Ars Technica reports "Used Routers Often Come Loaded With Corporate Secrets"