https://medium.com/tenable-techblog/mak ... 0705459bc6

I am posting for admins to protect the system more if needed.

I couldn't follow it thoroughly to know if indeed it actually works, but it sounded real

gosh.. again..
viewtopic.php?f=2&t=145278&p=714963#p714963
viewtopic.php?f=2&t=145272&p=714906#p714906

We should start betting how many duplicates are gonna appear in upcoming month.
And all that because of someone showing how to hack YOUR OWN router..

This does not pose any risk. As long as you have physical access to the device, there is always some way to get in, even if it is via JTAG interface ...
On the other hand, it needs to be accepted as possible threat of second-hand devices. You will never know who operated it before you and what they did with the system... Netinstall is probably the only way.

For those who are even more paranoid, maybe even netinstall is not enough. It is a little secret but it seems there is a way to update backup routerboot: https://wiki.mikrotik.com/wiki/Manual:R ... bootloader
backup bootloader was always presented as read-only part of the device which cannot be possibly infected. However since there is this "special" package, we may assume that it is possible to rewrite it, therefore it is likely not on true read-only memory... What that means, together with root access is obvious - devices may be potentially infected so deep that even netinstall will be unable to wipe it.
(anyone is welcome to find a hole in my line of thoughts... Maybe it is safe after all and I just made some wrong assumption. All I am asking is an factual argument)

"Hacking" as presented on this post should be understood as setting up communication channel with a Tik while NOT using Winbox software package => reverse engineer the communications.
This approach allows to analyse the channel and it's usage and allows to hunt for bugs in software / underlying systems.

It does not describe how to gain unauthorised access to a system.

Since I am not an expert I added the "possibly" word...
No matter what it is better to know the "enemy" rather than ignore him...
Since this forum is to share our knowledge and findings to improve this wonderful product I posted it.

I hope it helps, sorry if it had been re-posted but I cannot read ALL posts maybe not even the forum admins manage to read them all

Most users who start threads "Mikrotik hacked...", "My router is unsecured", "Big hole in security of ..." seems to not check forum for security topics

Did you try easiest method to look for security problems:

search.php?keywords=vulnerability
search.php?keywords=security

before starting topic?

As long as you have physical access to the device, there is always some way to get in ... What that means, together with root access is obvious - devices may be potentially infected so deep that even netinstall will be unable to wipe it.

True, I think MikroTik's reputation is fine. Apple, and their billions can not stop physical tampering. As long as we're okay over the wire, I'm good. The issue with netinstall will have to be addressed, however, and will probably have to be updated to check some sort of a signature to verify everything is legit.

Don't think so: it would mean that routerboard would only run proprietary (inhouse) software.

I don't mind if someone opens the lid and peaks inside, its a good way to find out if
a. chips on board have nefarious firmware attached............ (That the vendor may not know about if bought abroad, notice I didnt say China).

Why would any VENDOR including MikroTik trust anything involving computer technology that's manufactured in CHINA. ... China and specifically the RED ARMY corps that specialize in NANO tech embedding so that it is very difficult if not impossible to locate ... NANO tech today is remarkably capable in bypassing any security mechanism. If the Vendor does not control end to end manufacturing process many 'western governments will not add them to there approved procurement vendors for good reasons.

Mozerd, any country where devices are manufactured are suspect and anywhere along the distribution chain (incoming or outgoing from-to a country).
I am not sure where MT devices are actually made (chips, CB, assembled etc) but I have my doubts that the Latvian govt has an NSA or Red Army equivalent that is interested in my affairs.
However they do have a nosy neighbour!

I am not currently sure of the actual number for 2018 but in 2016 90% of computing tech sold world wide was being manufactured in Chine .. You and the GOAL Post have ZERO idea what Chin's long term plans are and their impacts as some point in time. This is a very serious business that now has the utmost attention of western governments.The issue is not you the issue is people who matter.