In a recent incident, a hacker downloaded and attempted to sell documents about the Air Force’s MQ-9 Reaper, a hunter-killer UAV designed for long-endurance, high-altitude surveillance. To do so, they took advantage of an elementary security oversight by military personnel.
After being caught, the hacker disclosed that they’d used a known vulnerability in Netgear routers, and had used a scanning engine to find all copies of that model that were vulnerable. The hole is easily remedied by setting the FTP password on the device, which Netgear notified customers about two years ago.
Investigators in the incident report that the vulnerability gives hackers unfettered access to the network the device is routing. The channel works in both directions, potentially allowing a hacker to upload malware to machines as well downloading documents from them.
