Attacks on the FRITZ! Box tracked

MyFritz Updates in preparation
The safety notice continues to apply

Criminal attacks on port 443
Attack pattern clarified
First updates for FRITZ! Box this weekend
Security advisory for port 443 still applies

The attacks on the FRITZ! Box that have occurred in the past few days have been traced. Through intensive development work, AVM was able to identify the perpetrator's attack pattern. Accordingly, the perpetrators carried out an attack via port 443 and penetrated the FRITZ! Box. Passwords could also be stolen. AVM will provide software updates from the weekend so that no further attacks can be carried out according to this pattern. AVM has passed the current findings to the investigating authorities.


Peter Faxel, CTO of AVM: “We develop new software through several security levels and it is also checked by well-known experts before it is released. We regret all the more recent incidents and the restrictions that our customers are currently experiencing. "

The attacks observed affect all FRITZ!Box devices for which the MyFRITZ service or remote access has been actively switched on. Since other passwords may have been stolen in addition to the access data, AVM urgently recommends that all passwords with the FRITZ!Box* Renew related passwords and access data. Instructions for this can be found at avm.de/security.
The recommendation that has already been made is port 443 (“Internet access to the FRITZ!Box* over HTTPS”) still applies and prevents these attacks. AVM will provide new firmware versions for the FRITZ!Box models starting this weekend. After the update, remote access and MyFRITZ! again available without restrictions. Under avm.de/security users will find an overview of the currently available downloads.

 

Source: AVM press release

08.02.2014/XNUMX/XNUMX (mh)