BT Routers
Please dont try and pwn these, They keep on locking us out further and further and just making our lives a misery when we need to get into the guts of them.
or better yet pwn it so badly i can demand a newer model :D
Gird your loins router-makers: a throng of hackers are set to pry apart your woefully insecure hardware in a competition to expose bad firmware and hard-coded credentials. The competition will take place at the DEF CON 22 conference and glories in the name "SOHOpelessly Broken". The event is the brainchild of the Electronic …
Except if the router is insecure then it becomes perhaps possible to get around them locking you down. I know getting root on my DSL router took a webui hack (granted on LAN and not WAN side) not allowed by my ISP but allowed me to tell what kind of QOS the router could run (a complete joke, as well as Linux kernel from 2005 or so) and that I needed my own home router (with DSL in transparent bridge mode) if I wanted a decent QOS setup.
I think this is a great competition, it will help us know which manufacturers are taking the mickey.
Several makes I avoid now by finding out myself you can't do simple things like change the admin username. Although I hope the exploits are not revealed until the manufacturers have had a chance to patch them.
And before any troll complains that it's "pwn" not "p0wn", consider that the 0 is adjacent to the p on the keyboard, meaning it's just as feasible for someone to miss the o and land BETWEEN the p and the 0, hitting BOTH at the same time and producing "p0". I've been known to hit two keys at once with my fat fingers.
Good to see this exposure going on. Though I don't see the point in bricking or denial of service as this just makes the owner replace them with a new one. It is the hijacking that is sneaky. I had some TP-Link routers out with (home user) clients, all sub-£50 kit. At the start of the year they had DNS settings changed from the WAN side even though they were "secure" with no external ports open. Access to Facebook or Google would get redirects to ask them to "install a Flash update". Clever little hacker.
In this case, TP-Link had new firmware out within a month for the current models. For the older models, they happily swapped them on their 3 year warranty. Surprisingly good service. (I don't work for TP-Link)
@Ragarath: Don't avoid *manufacturers* if you can't change the Admin Username. This is often a model specific thing. Pay more, get more features. Those basic ADSL routers I mentioned above had fixed usernames, but only a tenner more up the range and the username can be edited.
Worst are the ISPs who supply routers that are "password protected" to their clients and then refuse to let the client have access to the router. You have no way of checking if they have been hit or not!
"Screw Buffalo" for their lack of firmware updates. Agree with that.
Funnily enough, while dealing with the TP-Link router replacements I found a client with an old-ish Buffalo router. Clearly had the same identical hardware and firmware as the TP-Links I was swapping out. Admin pages were identically laid out. All except for the colour and company name in the corner.
They were so identical that the exact same DNS compromise was visible. Hacked from the WAN in the same way. Yet trying to locate updated Buffalo firmware was impossible. So that Buffalo router was upgraded with a large hammer and then replaced with a different brand.
I get a feeling many of these big brands have low end routers all from the same basic cheap source. So basic that they can't even have a Tomato put on them. I then assume that the manufacturers don't like fixing them as it looks like "wasted" money to them. Yet the actions of TP-Link honouring that three year warranty has me buying more and more of them.
Eh? Is that the Virgin Cable Router with the default password of "changeme"? Which then insists on being changed the first time you use the admin control panel?
I always tell my clients to never trust the guy who installs the kit. I have heard some "interesting" advice from these people before.
Don't forget Gargoyle (probably enough like OpenWRT to not be strictly necessary) and CeroWRT (different enough worth testing) as well. Finally if the hackers want to be epic they should try breaking into pfSense, M0n0wall, or even a cut down install of OpenBSD routers/computers as well.
Darn missed edit period. Actually Gargoyle probably should be tested as many vulnerabilities are in the Web UI (which can be a vulnerability if an attacker can get on the LAN side). and is different. Also Gargoyle IMHO is the best of the bunch, very noob friendly UI, as well as having easy to modify qos scripts for the nerds and having the only efficient working ACC I have seen (modifies download limit on the fly so bandwidth is maximized without QOS breaking down). The only real drawback is it is currently on the somewhat dated 3.3 kernel (so some wireless improvements and new equipment might not be supported) but stability and performance wise its hard to beat.