by 0xDEAFBEAD
993 days ago
> BlackTech actors bypass the router's built-in security features by first installing older legitimate firmware [T1601.002] that they then modify in memory to allow the installation of a modified, unsigned bootloader and modified, unsigned firmware [T1601.001].

I wonder how best to handle this kind of downgrade attack. Is reverting to an older firmware version an intended, supported feature? If so, I assume it's present in case the customer has a problem with the latest firmware and they want to revert. Maybe it makes sense to implement some restrictions on reversions -- e.g. they can only be done with physical access to the device, and it becomes impossible after an upgrade has been in place for 1 month, say.

The focus on international subsidiaries was very interesting to me. I wonder what, specifically, it is about a subsidiary that makes it a softer target. Perhaps it's easier to gain physical access to a subsidiary office.
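As an added illustration of the rollback policy sketched in the comment above (this is example code written for this thread, not part of the comment, the advisory, or any vendor's bootloader), here is what the install-acceptance check could look like in a bootloader. It assumes a monotonic "security version" per image, a trusted clock, a hardware physical-presence signal (for example a held front-panel button), and that the image signature has already been verified; the 30-day window, the version numbers and the timestamps are all constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of the install-policy check. */
enum fw_decision {
    FW_ACCEPT_UPGRADE,               /* same or newer version: normal path */
    FW_ACCEPT_ROLLBACK,              /* older version, but policy allows it */
    FW_REJECT_BAD_SIGNATURE,         /* image failed signature verification */
    FW_REJECT_NO_PHYSICAL_PRESENCE,  /* downgrade attempted without local operator */
    FW_REJECT_ROLLBACK_WINDOW_CLOSED /* current image has been in place too long */
};

/* Assumed policy: downgrades are only possible for 30 days after an upgrade. */
#define ROLLBACK_WINDOW_SECONDS (30ULL * 24 * 60 * 60)

/*
 * installed_version / installed_at: security version of the running image and
 * the (trusted) time it was activated. Assumed to live in tamper-resistant
 * storage (monotonic counter, eFuse, or similar) so a compromised OS cannot
 * rewrite them.
 * candidate_version / signature_valid: the image being offered and the result
 * of its signature check, which must run before anything else.
 * now: current time from a source the bootloader trusts.
 * physical_presence: true only when the hardware reports a local operator
 * proved presence (e.g. held a front-panel button during boot).
 */
enum fw_decision fw_check_install(uint32_t installed_version, uint64_t installed_at,
                                  uint32_t candidate_version, bool signature_valid,
                                  uint64_t now, bool physical_presence)
{
    /* Unsigned or mis-signed images are never installed, new or old. */
    if (!signature_valid)
        return FW_REJECT_BAD_SIGNATURE;

    /* Same or newer version: the normal upgrade path. */
    if (candidate_version >= installed_version)
        return FW_ACCEPT_UPGRADE;

    /* Everything below is a downgrade. First gate: physical presence. */
    if (!physical_presence)
        return FW_REJECT_NO_PHYSICAL_PRESENCE;

    /* Second gate: the rollback window. A clock reading earlier than the
     * activation time is treated as "window closed", so winding the clock
     * back does not reopen it. */
    if (now < installed_at || now - installed_at > ROLLBACK_WINDOW_SECONDS)
        return FW_REJECT_ROLLBACK_WINDOW_CLOSED;

    return FW_ACCEPT_ROLLBACK;
}

static const char *fw_decision_name(enum fw_decision d)
{
    switch (d) {
    case FW_ACCEPT_UPGRADE:                return "accept (upgrade)";
    case FW_ACCEPT_ROLLBACK:               return "accept (rollback)";
    case FW_REJECT_BAD_SIGNATURE:          return "reject: bad signature";
    case FW_REJECT_NO_PHYSICAL_PRESENCE:   return "reject: no physical presence";
    case FW_REJECT_ROLLBACK_WINDOW_CLOSED: return "reject: rollback window closed";
    }
    return "?";
}

int main(void)
{
    /* Constructed scenario: version 7 was activated at t=1000000 (seconds). */
    const uint32_t cur_ver = 7;
    const uint64_t cur_at  = 1000000;
    struct { const char *what; uint32_t ver; bool sig; uint64_t now; bool pp; } cases[] = {
        { "remote upgrade to v8",                8, true,  cur_at + 3600,        false },
        { "remote downgrade to v6",              6, true,  cur_at + 3600,        false },
        { "local downgrade to v6, day 2",        6, true,  cur_at + 2ULL * 86400,  true },
        { "local downgrade to v6, day 45",       6, true,  cur_at + 45ULL * 86400, true },
        { "local downgrade, clock wound back",   6, true,  cur_at - 10,          true },
        { "local downgrade, unsigned image",     6, false, cur_at + 3600,        true },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        enum fw_decision d = fw_check_install(cur_ver, cur_at, cases[i].ver,
                                              cases[i].sig, cases[i].now, cases[i].pp);
        printf("%-36s -> %s\n", cases[i].what, fw_decision_name(d));
    }
    return 0;
}
```

The order of the checks is the point: signature first (so an attacker cannot use the rollback path to load unsigned code at all), then the version comparison, and only then the two downgrade gates. Treating a clock that reads before the activation time as "window closed" matters because the window is otherwise only as strong as the time source.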