DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Delivery and Security Query

24 Jan 2019 18:54 #1 by cat_draytek
Delivery and Security Query was created by cat_draytek
Hi there, received New draytek router from mybroadband.com recently.

Just wondering should the original packaging box have been sealed in any way? The box I received had not been sealed and could have been opened previously. This may seem trivial but after reading Draytek best practice tips I saw some warnings about Vendor leaks, just wanted to double check here.

What are the risks if a hacker has had access to the router before delivery? Are there risks of duplicating router using serial number?

Does resetting to factory settings, upgrading firmware and updating the security certificate remove any risks in that situation?

What are the steps to update the security certificate?

Many thanks in advance.

24 Jan 2019 20:27 #2 by joners
Replied by joners on topic Re: Delivery and Security Query

Cat_DrayTek wrote: Hi there, received New draytek router from mybroadband.com recently.

Sorry that site won’t even load for me? Did they look like a legitimate site before you purchased? Did they accept credit/debit cards or was it just PayPal? Have you used them before?

Cat_DrayTek wrote: Just wondering should the original packaging box have been sealed in any way? The box I received had not been sealed and could have been opened previously. This may seem trivial but after reading Draytek best practice tips I saw some warnings about Vendor leaks, just wanted to double check here.

Draytek don’t seal their boxes, or at least I’ve never received one (purchased 100’s of them).

Cat_DrayTek wrote: What are the risks if a hacker has had access to the router before delivery? Are there risks of duplicating router using serial?

If a hacker has had physical access then it doesn’t matter what you do, the unit is compromised. The reality is that it’s unlikely that a hacker would intercept and then lojack or place a modified firmware on a draytek router. These are cheaper routers intended for small branches in SMBs, they wouldn’t ever be used in banks or businesses that carry critical data. The lack of IPS/IDS means that they also aren’t suitable for retail environments which require PCI compliance, which really is about the only ‘risky’ environment they would ever show up in.

Cat_DrayTek wrote: Does resetting to factory settings, upgrading firmware and updating the security certificate remove any risks in that situation?

Depends on how the unit was compromised. If it’s a hardware modification then any changes in firmware or settings will do nothing. If they installed a modified firmware then the first thing that they would do is put a backdoor in should you reset or wipe the system.

Cat_DrayTek wrote: What are the steps to update the security certificate?

Depends on the router, check the draytek support pages for your model on how to generate a new certificate.



Now the reality is it’s highly unlikely that you have a hacked router but it’s entirely possible that they sent you a returned unit. Check the condition externally of the unit including the cables. Do they look new? Register the device with Draytek, that will highlight if the unit has been registered by someone else. As best practice you should always update the firmware; the best way to do this is before you configure the device. Draytek offer a RST firmware image which will remove any previous configuration, I always use this even if no configuration is present.

25 Jan 2019 14:29 #3 by cat_draytek
Replied by cat_draytek on topic Re: Delivery and Security Query
Apologies, vendor was Broadbandbuyer.com in Milton Keynes through Amazon, delivered by DPD.

Are you familiar with these?

Order which was in stock was placed early on the 15th Jan and wasn't dispatched until the 17th.

I have had problems before with hackers and thought this delay in dispatch may have been suspicious?

All parts do look new yes.

Very helpful and detailed previous reply, thank you.

25 Jan 2019 14:44 #4 by prushmere
Replied by prushmere on topic Re: Delivery and Security Query
I've bought 3 or 4 Draytek routers directly from BroadbandBuyer and they've always shipped same day - I'd suggest the delay was more likely due to ordering through Amazon.

As joners said, Draytek do not seal the boxes. I've purchased many items from BBB and consider them to be a reputable company - please note that I have no affiliation with them whatsoever other than as a customer.

25 Jan 2019 14:44 #5 by joners
Replied by joners on topic Re: Delivery and Security Query
Used them before, they are fine.

I should note that it’s incredibly unlikely to have something like this happen, so much so that you're probably more likely to win the Euromillions....twice.

What you're describing is the type of stuff that governments would do, not hackers.

25 Jan 2019 14:49 #6 by prushmere
Replied by prushmere on topic Re: Delivery and Security Query

joners wrote:
What you're describing is the type of stuff that governments would do, not hackers.

Or Huawei. Allegedly... :lol:
