I'm curious as to whether the router manufacturer included a back door or if the FBI used the same exploit that was used to infect the routers in the first place.
It's not entirely uncommon for the latter to happen. Some greyhats have done similar things to clear out botnets in the past.
It still counts as unauthorized access to a system though so most avoid doing so even if the intended result is beneficial
The U.S. has a very robust hacking capability, we just don’t advertise it and we concentrate on shutting down or infiltrating critical infrastructure in times of war or espionage.
Instead of hacking China to steal industrial secrets, we hack them to see if we could say open or close all the floodgates at the 3 Gorges Damn… China hacks us to steal state and industrial secrets, though they are now starting to focus on infrastructure.
I would assume they used the same exploit as the botnet because only the NSA gets to use the fancy secret backdoors and secret list of vulnerabilities.
Unless the routers were also managed by ISPs in which case they might have just had builtin remote access/remote commands
if the routers were managed by ISPs, the ISPs would have kept them up-to-date. these were not home users, but small business users, and a standard service contract would have covered that sort of thing. considering the issue was so widespread and over several different ISPs and different devices, the most likely explanation is that they were owned and managed by the user.
I used to fall for that logic that an ISP would keep my router up to date. It doesn’t happen.
In my case I had the same ISP router for over four years and there was a known bug streaming video. I didn’t have privileges to update and they refused to. Nor would they replace my router with a current one because “it’s not broken and hasn’t yet reached the age we switch them out”.
My solution was to stop renting the router. Also stop renting set top boxes and drop phone and cable service. I’m much happier with only internet for however many years that’s been and I have more control over keeping my network up to date and configured properly
I suspect it might have been problematic to tip off the malware operators that the network was about to be shut down. Apparently customers are going to be informed via their ISPs now. I guess some if them may decide to junk the routers.
The FBI has identified the routers; if they're able to connect to them and issue commands, they clearly know the IPs of those routers and thus the ISP servicing that IP. The ISP knows which of their customers is/was assigned a particular IP.
Your ISP knows the Mac address of your router since it requests a public IP from them using DHCP. That's why if you contact support they usually can confirm the brand of your router by doing an oui lookup.
In theory the FBI could have collected a list of MACs and optionally used an ASN lookup on the public IP and then handed each ISP their list of MACs, which the ISP could associate back to customers to contact. It would only not work for customers who spoof their router WANs ethernet mac.
But I think just patching it is a normal and fine solution imo.
I only do web development, but my networking knowledge mostly comes from being the designated person to call the ISP for tech support and being in charge of setting up the WiFi in every place that I've lived, in addition to participating and running community scale mesh wifi tech meetups for many years (think NYCMesh except just 4 guys who never accomplished much aside from buying and flashing lots of routers with openwrt lmao)
I also ran 12Us of homelab for a few years in my basement, which was powered by an overkill fiber to the home setup (courtesy of tricking Comcast into undercharging me for gigabit pro) that necessitated a 10G switch and firewall.
Probably works the other way around - FBI detects the problem at various IP addresses, patches them, then contacts the iISP and asks them to contact the customer who had x.y.z IP address