RESET Forums (homeservershow.com)
schoondoggy

WiFi router vulnerability


FiLiNuX

People don't care. No, not about your post!!! :) About wireless security, that is. Or at least not until they get their Visa bill with 10K in hosting charges on it or some official knocking on their door about the illegal acts piping through their router with their IP & MAC address. Look at the number of open wireless access points out there STILL! Or ones where people are running WEP / WPA that can be cracked in minutes with about anything running Linux.

 

I made a joke a while back while talking wifi security with some friends, saying "My neighbor is the biggest pirate of downloadable copyrighted material in the Midwest... AND HE DOESN'T EVEN KNOW IT!!!"

 

Good article though!!

ikon

Would love for these guys to do some tests on the 3rd party firmware and how secure/unsecure it is.

 

Despite there being some unprotected Wi-Fi still around, I have noticed over the past few years that their number has decreased dramatically.

JayBee

Even WPA2 is accessible easily as most people don't use secure keys, so a good bruteforce dictionary will get you in 99% of the time... WPS also has a vulnerability which allows tools like reaver free rein. WEP is still pretty common in Australia. I occasionally run a war drive setup on my way to work and back, then look at the results via Google Maps, and repeatedly get amazed at the amount of WEP that's still out there....

Lots of completely insecure wifi as well that's left completely open. I've cleaned up my immediate neighbourhood by informing a few of my neighbours about their dodgy practices, and they were completely unaware of just how insecure they were. They thought for some reason that wireless doesn't extend past their house... Some people are still really ignorant when it comes to technology. Wireless security is a hobby of mine and it's good to see it's improving, albeit slowly.

 

ikon

I did a few walk-arounds in my neighbourhood a few years back and informed people how vulnerable they are. Most were grateful for the info.

 

I am finding that most Wireless Access Points in my town generally have protection enabled, most often WPA2. I can't speak to how good their keys are, but WPA2 does require a certain length of key, so that helps. Also, almost all consumer routers sold in my area have remote administration of the router disabled. I wonder how that compares to routers sold in other areas.

FiLiNuX

CNET did an article almost exactly the same as the one the OP linked, and one of the security experts said:

 

"The best thing you can do is install a third-party firmware, such as OpenWRT or Tomato,"

 

Another quote on there I LIKED A LOT:

 

"The best that a person can do is to roll their own using the Marin, Ca.-based Untangle, which takes any spare PC and turns it into a wireless router."  FiL -> (NO FOLKS, it's NOT because they said "roll your own", it's because they praise a Linux product :)

 

 

The AMAZING SECURITY of Tomato, DD-WRT, Untangle, etc., etc., has been tested and proven again and again, leveraging the strengths of Linux.

 

Ikon is right that the number of unprotected wireless networks is decreasing, BUT I think that's largely due to factory settings & how the software sets up these networks for people.

 

"remote administration of the router disabled."  I have found many people are given a false sense of security by this setting. Remote administration is disabled on almost ALL consumer routers & 3rd party firmwares even, but if I am breaking into your router through WiFi it isn't going to stop anything. I have seen it again and again: even if people set up strong WiFi security, the router user name & password are still set to the default. Once I am on that network I am no longer remote administrating.

 

Once again, OP, GREAT POST! I now have a new Post-it note to see how this unfolds.

ikon

Yes, but you do have to be able to break into the network on the LAN side. On WEP, it's trivial; on WPA it's possible, but not simple; on WPA2 it's a lot more difficult.

 

I do agree, leaving the default username and password is reckless. Even on routers that don't allow the username to be changed, the password should be changed to something really strong.

FiLiNuX

"Yes, but you do have to be able to break into the network on the LAN side."

 

I don't understand what you mean on the LAN side. I was basically just saying people think that "Remote Administration" being disabled is not what a lot of people think. (If I can log on to your wifi, either because it's open or because I Aircrack-NG it, etc. etc., and your router username & password are the default ones, it's owned.)

KydDynoMyte

Even my fake Cisco Linksys home router has a separate option for wireless admin access. Now if it actually works is another story. Turning on https remote access on it won't work with Firefox, Chrome, or IE. But it works for the browser on my phone, go figure.

ikon

"Yes, but you do have to be able to break into the network on the LAN side."

 

I don't understand what you mean on the LAN side. I was basically just saying people think that "Remote Administration" being disabled is not what a lot of people think. (If I can log on to your wifi, either because it's open or because I Aircrack-NG it, etc. etc., and your router username & password are the default ones, it's owned.)

 

My point is that it's not that easy to log onto a Wi-Fi router that has a good WPA/WPA2 key. The cracking tools only go so far in this regard. Now, some of the recently discovered weaknesses may help, but over the years I have challenged quite a few people to crack both my home Wi-Fi and routers at work. WPA2 is used for both locations. Individuals, and security firms, have tried. To date, none have succeeded.

 

In a sense, if they can't get a session on the router, then the admin ID and password are moot (as long as remote admin is disabled).

 

Even the makers of AirCrack-ng admit that it can only crack Pre-shared keys, and even then only if the keys are in a dictionary or relatively short. Neither of those is true in my case.

 

I've had to set up several corporate wireless LANs, so I've paid quite a bit of attention to the security. I pretty much always hire a speciality firm to test for vulnerabilities on the corporate ones. Wireless LANs do make me nervous but, so far, some prudent configuration has kept home and work secure.... keeping my fingers crossed :)

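The thread's recurring point is that a WPA2 pre-shared key holds up only when it is neither short nor in a dictionary. As an added example (not posted by anyone in this thread), here is a self-audit for your own passphrase; the sample wordlist, the 80-bit threshold and all function names are assumptions made for illustration.

```python
import hashlib
import math
import string

# Constructed sample wordlist; a real audit would load a large list from disk.
SAMPLE_WORDLIST = {"password", "letmein123", "sunshine", "qwertyuiop", "linksys1"}

CHAR_CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation + " "]

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes.
    The SSID salt is why a default SSID plus a common passphrase is the worst case."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def estimated_bits(passphrase: str) -> float:
    """Upper-bound entropy estimate: length * log2(size of character classes used).
    It assumes randomly chosen characters, so real phrases score lower than this."""
    size = sum(len(cls) for cls in CHAR_CLASSES
               if any(ch in cls for ch in passphrase))
    return len(passphrase) * math.log2(size)

def audit_passphrase(passphrase: str, wordlist=SAMPLE_WORDLIST, min_bits=80.0):
    """Return a list of findings; an empty list means no issue was detected."""
    # WPA2 passphrases are 8..63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        return ["invalid-length"]
    if not all(32 <= ord(ch) <= 126 for ch in passphrase):
        return ["invalid-characters"]
    findings = []
    # Case-insensitive match: capitalising a dictionary word adds almost nothing.
    if passphrase.lower() in wordlist:
        findings.append("in-dictionary")
    if estimated_bits(passphrase) < min_bits:  # assumed threshold, not a standard
        findings.append("low-entropy")
    return findings

if __name__ == "__main__":
    for candidate in ["short", "Sunshine", "k7#Qv9!mZp2&Lx4@Rt8w"]:
        print(f"{candidate!r}: {audit_passphrase(candidate) or 'no findings'}")
    print("PMK for constructed SSID:", derive_pmk("Sunshine", "ExampleNet").hex())
```

Passing the length check alone says little: an eight-letter dictionary word is a valid WPA2 passphrase and still fails both other checks.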
