wolfereeno
Apprentice

Orbi RBR 50 hacked - Netgear, what are you doing to protect us?

I got a suspicious email on gmail 2 weeks ago  - one of those "whats up" with no message body. I don't think I even opened it, but something triggered in the msg preview and seemed to run something.  I was using my Macbook and viewing gmail in Chrome. The one shortcoming on my part was that there was a Chrome update pending.  Otherwise I had everything up to date including my MacOS, windows machines, orbis and the satellites.

 

Shortly after I started getting warnings that websites weren't using HTTPS on the mac and two other of the computers on my network.  Then realized I could not log into the Admin screen on my Orbi.  I even got msgs about invalid certs to attach to my work email on my iphone, which uses wifi when I'm home.  

 

After a quick panic and searching around I determined it was the Router, so I did a hard reset and rebuilt everything and all is well.  I don't think I exposed anything critical.  I use a good password mgr and realized something happened right away.  

 

My network is an RBR50 and 3 satellites running RBRS50.  I also subscribe to Armor and have bit defender on the machine that seemed to start it all.  

 

I noticed two days later Microsoft and Apple had emergency patches.  Chrome too.  Netgear, nothing....  I can't provide any details of what exactly happened, but I assume I'm not alone.  Netgear, we expect more protection from you!!!  

Message 1 of 12

Accepted Solutions
Message 11 of 12

All Replies
FURRYe38
Guru

Re: Orbi RBR 50 hacked - Netgear, what are you doing to protect us?

Highly doubtful the Orbi system was hacked.

 

What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Provider's modem/ONT the NG router is connected to?
Be sure you're using a good quality LAN cable between the modem and router. CAT6 is recommended.

 

What is the size of your home? Sq Ft?
What is the distance between the router and 📡 satellite(s)? 30 feet or more is recommended in between RBR📡 and RBS🛰️ to begin with depending upon building materials when wirelessly connected.

 

Has a factory reset and setup from scratch been performed since last FW update? A complete pull of the power adapters for a period of time after the factory reset then walk thru the setup wizard and setup from scratch with a wired PC and web browser. https://kb.netgear.com/22697/How-do-I-install-my-NETGEAR-router-using-the-router-web-interface
Recommend setting the default DHCP IP address pool range to the following after applying and a factory reset: 192.168.#.100 to 192.168.#.200.
https://kb.netgear.com/24089/How-do-I-specify-the-pool-of-IP-addresses-assigned-by-my-Nighthawk-rout...
I would power OFF the ISP modem for 1 minute. Factory reset the Orbi router and power it off. Power ON the ISP modem and let it sync. Then power ON the Orbi router and walk thru the setup wizard again using a wired PC and a web browser.
Press the back reset button for 15 seconds then release. 
https://kb.netgear.com/31486/How-do-I-reset-my-Orbi-system-to-factory-default-settings
https://kb.netgear.com/000062081/How-do-I-erase-the-configuration-settings-on-my-Orbi-WiFi-System

Message 2 of 12
wolfereeno
Apprentice

Re: Orbi RBR 50 hacked - Netgear, what are you doing to protect us?

I can't say for certain what happened, however something was redirecting https traffic to http and if it wasn't for it being common for websites to warn you of this now, I would not have noticed this.  And this was happening from other computers on my network (mac and win) including one from work that's highly locked down.  Also, the fact that I could no longer log into the orbi admin screens or use the ios app are pretty strong indications of the router being hacked.  

 

I check for updates fairly frequently in either the IOS app or the web admin screen but haven't seen any in a while.  These are the versions post this incident.  I don't recall if I forced an update or not when I did the hard reset.  But I do use the Orbi app to check for updates often and always have.  Maybe the update function itself is not that reliable?   Just looking at my status screen now, why is one of the satellites running an older version yet orbi sees no update?

 

[Image: wolfereeno_0-1690891524024.png]

The isp is spectrum and I use their modem.  DHCP is using that router range already.  The cable connecting the modem and the RBR50 is 2' long and probably fine.  Never had a problem like this before over several years.

 

The distance between sats and size of my home shouldn't make a difference.  My apartment is about 1100 ft² but is kind of a duplex.  Also there's an outdoor area but the wall of the structure on the roof is clad in a metal siding, so there's a satellite just to provide more coverage there.  I started with one base and one satellite but then added the satellites to solve dead spots I couldn't resolve by just moving the sats around.

 

Thx

Message 3 of 12
FURRYe38
Guru

Re: Orbi RBR 50 hacked - Netgear, what are you doing to protect us?

Because you can't seem to log in or use the orbi app is not an indicator of the system being hacked. You might scan all of your PCs with MalwareBytes to be sure nothing on your system is compromised.

 

Ya Auto Update has been problematic over the years. 

Also distances between the RBR and RBS can play a role in how AU works.

 

Sat#2 should be updated to same version as rest of system. You can manually update this RBS. 

 

For that size of home you have too many RBS running. I'd turn OFF two RBS. At least one RBS.

 

Has a factory reset and setup from scratch been performed since last FW update? A complete pull of the power adapters for a period of time after the factory reset then walk thru the setup wizard and setup from scratch with a wired PC and web browser. https://kb.netgear.com/22697/How-do-I-install-my-NETGEAR-router-using-the-router-web-interface
Recommend setting the default DHCP IP address pool range to the following after applying and a factory reset: 192.168.#.100 to 192.168.#.200.
https://kb.netgear.com/24089/How-do-I-specify-the-pool-of-IP-addresses-assigned-by-my-Nighthawk-rout...
I would power OFF the ISP modem for 1 minute. Factory reset the Orbi router and power it off. Power ON the ISP modem and let it sync. Then power ON the Orbi router and walk thru the setup wizard again using a wired PC and a web browser.
Press the back reset button for 15 seconds then release. 
https://kb.netgear.com/31486/How-do-I-reset-my-Orbi-system-to-factory-default-settings
https://kb.netgear.com/000062081/How-do-I-erase-the-configuration-settings-on-my-Orbi-WiFi-System
https://kb.netgear.com/9665/How-do-I-perform-a-factory-reset-on-my-NETGEAR-router

 

One User Experience/Configuration:
https://community.netgear.com/t5/Orbi/Most-Stable-Orbi-Configuration/m-p/1941087/highlight/true#M970...

Message 4 of 12
wolfereeno
Apprentice

Re: Orbi RBR 50 hacked - Netgear, what are you doing to protect us?

FWIW, I was able to update the one satellite still running 2.7.4.24 to the latest manually by logging into the satellite directly. But I should not have had to do this if the main version check/updates worked properly.  

Message 5 of 12
FURRYe38
Guru

Re: Orbi RBR 50 hacked - Netgear, what are you doing to protect us?

Next time try turning OFF the other RBS and see if the one RBS that didn't get updated gets updated thru AU. Again, you may have too much wifi signal going on there thus can cause problems with AU updating to RBS correctly. If signals are noisy or poor then AU can't work well.

Message 6 of 12
wolfereeno
Apprentice

Re: Orbi RBR 50 hacked - Netgear, what are you doing to protect us?

I did a full reset of everything when I felt something was wrong.  I also became more diligent using the guest network going forward for anything that only needed internet but didn't require network sharing like kindles and ios.  I have a few raspberry pi and music oriented devices that use wifi too.  

 

I have bitdefender on all the machines.  Is Malwarebytes substantially better?   I use Microsoft's Defender AV on one Win 11 machine.  

 

You're repeating that it wasn't hacked, yet not being able to log into the admin screen and machines forwarding SSL links to non-SSL are top suspicious behaviors of a router hack. Performance was strange too but since I suspected something was wrong right away, I didn't spend a lot of time looking at speed.  https://us.norton.com/blog/privacy/how-to-tell-if-someone-hacked-your-router

 

One of the strangest behaviors was my iphone suddenly claiming that its email certificate was invalid. The phone's managed by my work's MDM.  And this was only when using WIFI.  When I'd turn off wifi, no errors.

 

As for too many satellites, the problem is the metal siding around the bedroom blocks the signal to the roof deck so there's a satellite by the sliding doors.  I didn't want this many satellites - as I mentioned I started with just two.  But with the levels and the deck issue, it grew...

 

Message 7 of 12
FURRYe38
Guru

Re: Orbi RBR 50 hacked - Netgear, what are you doing to protect us?


@wolfereeno wrote:

 

I have bitdefender on all the machines.  Is Malwarebytes substantially better?

Yes.

 

As for too many satellites, the problem is the metal siding around the bedroom blocks the signal to the roof deck so there's a satellite by the sliding doors.  I didn't want this many satellites - as I mentioned I started with just two.  But with the levels and the deck issue, it grew...

What is the distance between the router and 📡 satellite(s)? 30 feet or more is recommended in between RBR📡 and RBS🛰️ to begin with depending upon building materials when wirelessly connected.
https://kb.netgear.com/31029/Where-should-I-place-my-Orbi-satellite 🛰

Also try turning down the power output of the RBR's wifi radios from 100% to 50%. Under Advanced Tab/Advanced Settings/Wireless Settings

Message 8 of 12
wolfereeno
Apprentice

Re: Orbi RBR 50 hacked - Netgear, what are you doing to protect us?

The main RBR50 and the modem are in the living room.  The next router is about 25' away up some stairs.  The other two are then up more stairs and at opposite ends of the bedroom by the windows.  It's an old, skinny NYC building that's about 15' wide and 60' long.

 

I could probably turn down the signals a bit.  Though right now, everything's running normally (and pretty good).

 

[Image: floor.gif]

Message 9 of 12
FURRYe38
Guru

Re: Orbi RBR 50 hacked - Netgear, what are you doing to protect us?

Where is this Mezzanine? Lower level under or near the bedroom where RBS 4 is? 

 

RBS 3 and 4 are too close to each other. You might try turning OFF #4 RBS. 

 

Ya, I'd turn down the power to 50% or 25% and observe. 

Message 10 of 12
wolfereeno
Apprentice

Re: Orbi RBR 50 hacked - Netgear, what are you doing to protect us?

Thx, between coverage issues upstairs, and needing ethernet jacks for the NAS in the mezzanine area, I ended up with 3 satellites. One thing I didn't realize is that the 5G signals probably have a harder time penetrating the metal walls around the BR and that 2.4 would have been better.  

 

Anyway I appreciate your help.  But it's kind of for naught.

 

Yesterday the internet in our neighborhood went out and when it came back on, the RBR50 would not reboot.  Steady green light but nothing would reset it.  I tried all the methods I could find.  Even tftp would connect and seem to upload the file but then would fail.

 

So I went down to B&H photo and walked out with an ASUS XT9.  Setup was a breeze.  I'm trying just two units at opposite ends of the apartment.  We'll see if my wife notices I moved the NAS to the bedroom!  She wouldn't like it much in the living room either.  Setup and performance seems good so far and hopefully I can stick with just the two units. I like that both units can be routers or satellites, which gives me options in case one fails or we move.

 

As for whether I was hacked a few weeks ago or the router was the initial stages of the router failing, who knows.  I still think it acted like a hack.  

 

The clincher to ditching netgear was seeing how many people report bricked RBR50s as well as how many have resorted to alternate firmware.  I just don't have time for all that.  So in the end if I can revive the RBR, great. Otherwise I'll just put the satellites on craigslist and be done with Netgear for a while.

 

Thx

Message 11 of 12
FURRYe38
Guru

Re: Orbi RBR 50 hacked - Netgear, what are you doing to protect us?

Yes, higher frequency is more susceptible to building materials. Nature of the beast for any wifi router.

 

Try a 30-30-30 reset. 

Possible failure of the FW as well. 

 

Good Luck. 

Message 12 of 12