Log4j malware and Amazon eero 6 routers

[Len Walther]

This morning, I listened to Steve Gibson's Security Now podcast #850.   It has a substantial segment on the extremely dangerous Log4J malware.

It mentioned that Ubiquiti routers are vulnerable.   My question, is, is my new Amazon eero 6 router vulnerable?   Would I need to purchase their Secure+ subscription, to be protected?  I don't need parental controls, and have no Internet of Things devices to protect.

As for Log4j, it initially targets networks, but then burrows deeper, up to 8 levels deep, and after infecting a network server, can attack others.   Steve Gibson says it could take up to four years to fix.   In the meantime, Ransomeware bad actors are jumping on this vulnerability, especially for future delayed attacks.

Any comments, would be welcome.

Len W.

[Charles Gousha]

Aha, found it.

from: nsweaves

· eero Co-Founder/CEO

eero devices and mobile apps do not use the log4j library, and are therefore not vulnerable to the attack. Any eero services that were using an affected log4j version have been addressed, and are not vulnerable to the attack.

So you're safe.  Any such attacks are going to be almost entirely aimed at internet servers, so you're not likely to even be considered as a target by the bad guys.

That being said, keep track of your various internet accounts. Those ARE the targets for these attacks. Pay attention in particular to notes from https://haveibeenpwned.com  and NEVER use the same password on more than one account.

Charles Gousha   leader - Silicon Valley Mac User Group

http://www.svmug.org

User group meetings 7pm, third Monday of each month