
And how many of the affected routers are ISP supplied...
Whilst there have been holes, they do get patched for old kit, so it's just another good reason to run dd-wrt/openwrt/tomato/gargoyle, or if you're x86 inclined I would suggest pfSense :)
Console DDoSers Lizard Squad are using insecure home routers for a paid service that floods target networks, researchers say. The service crawls the web looking for home and commercial routers secured using lousy default credentials that could easily be brute-forced and then added to its growing botnet. Researchers close to a …
All the ISP-supplied routers I've seen in the last few years have had randomly generated admin and wireless passwords, which are then printed on a sticker, so this is less of an issue than it used to be.
Certainly Virgin, BT and Sky (who between them must cover the majority of the UK) all do.
Well, the randomly generated user-side 'admin' etc. accounts on a sticker are great, but don't most (all?) SOHO routers come with multiple TELCO/WAN-side default accounts? 'Lawful Interception' backdoors I guess...
I'm just soldering my BusPirate onto some (widely selected) small devices now, in the search for "forgotten"/"interesting" things...
I'm fairly sure (as in, I have first-hand experience of this so it's true) that at least one of those ISPs you mention sticks a default administrator password (easily guessable) on the router and the installation engineer is supposed to make you *ahem* change it, on installation.
If you don't then you have a *very* insecure home router.
The wireless passwords do all seem to be randomly generated, though.
Of course a procedurally generated password can appear random to human eyes. I'm fairly certain that in the not so distant past one of the bigger ISPs' "random" Wi-Fi passwords could be calculated from the "random" SSID. Of course this doesn't allow for the remote access discussed in the article, but I wonder if a similar password procedurally generated from the MAC address poses a risk?