Router creds admin/admin? Lizard Squad thanks you

Console DDoSers Lizard Squad are using insecure home routers for a paid service that floods target networks, researchers say. The service crawls the web looking for home and commercial routers secured using lousy default credentials that could easily be brute-forced and then added to its growing botnet. Researchers close to a …

  1. Anonymous Coward

    And how many of the affected routers are ISP supplied...

    Whilst there have been holes, they do get patched for old kit, so it's just another good reason to run dd-wrt/openwrt/tomato/gargoyle, or if you're x86 inclined I would suggest pfSense :)

    1. phuzz Silver badge

      All the ISP supplied routers I've seen in the last few years have had randomly generated admin and wireless passwords, which are then printed on a sticker, so this is less of an issue than it used to be.

      Certainly Virgin, BT and Sky (who between them must cover the majority of the UK) all do.

      1. Anonymous Coward

        Well, the randomly generated user-side 'admin' etc. accounts on a sticker are great, but don't most (all?) SOHO routers come with multiple TELCO/WAN-side default accounts? 'Lawful Interception' backdoors I guess...

        I'm just soldering my BusPirate onto some (widely selected) small devices now, in the search for "forgotten"/"interesting" things...

      2. Sir Sham Cad

        Re: randomly generated admin and wireless passwords

        I'm fairly sure (as in, I have first-hand experience of this so it's true) that at least one of those ISPs you mention sticks a default administrator password (easily guessable) on the router and the installation engineer is supposed to make you *ahem* change it, on installation.

        If you don't then you have a *very* insecure home router.

        The wireless passwords do all seem to be randomly generated, though.

        1. Robin Weston

          Re: randomly generated admin and wireless passwords

          Of course a procedurally generated password can appear random to human eyes. I'm fairly certain that in the not so distant past one of the bigger ISPs' "random" wifi passwords could be calculated from the "random" SSID. Of course this doesn't allow for the remote access discussed in the article, but I wonder if a similar password procedurally generated from the MAC address poses a risk?
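
On the question of passwords derived from the MAC address, here is an added example (not part of any comment in this thread, and not any ISP's or vendor's real algorithm) comparing how much secrecy a sticker password actually carries when it is derived from the MAC versus drawn from a CSPRNG. The derivation scheme, the `factory-v1` prefix, the 36-symbol alphabet and the sample MAC are all assumptions made up for illustration.

```python
import hashlib
import math
import secrets
import string

# Assumed sticker character set: A-Z and 0-9 (36 symbols).
ALPHABET = string.ascii_uppercase + string.digits


def derived_password(mac: bytes, length: int = 10) -> str:
    """Hypothetical factory scheme: hash the MAC and map bytes onto the alphabet."""
    digest = hashlib.sha256(b"factory-v1" + mac).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])


def random_password(length: int = 10) -> str:
    """What provisioning should do: draw every character from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def apparent_bits(length: int = 10) -> float:
    """Entropy the password *looks* like it has from its length and charset."""
    return length * math.log2(len(ALPHABET))


def effective_bits(unknown_mac_bits: int, length: int = 10) -> float:
    """A derived password is never stronger than the unknown part of its input."""
    return min(float(unknown_mac_bits), apparent_bits(length))


def assess(length: int = 10) -> dict:
    return {
        "csprng": apparent_bits(length),
        # The MAC is visible to anything on the same segment or in radio range.
        "derived, MAC observed": effective_bits(0, length),
        # Vendor prefix (OUI) known, 24 device-specific bits unknown.
        "derived, only OUI known": effective_bits(24, length),
        # Upper bound when nothing about the 48-bit MAC is known.
        "derived, MAC unknown": effective_bits(48, length),
    }


if __name__ == "__main__":
    sample_mac = bytes.fromhex("02005e102030")  # constructed, locally administered
    print("derived:", derived_password(sample_mac), "random:", random_password())
    for label, bits in assess().items():
        print(f"{label:26s} {bits:5.1f} bits")
```

The takeaway for provisioning: both passwords look equally random on the sticker, but only the CSPRNG one keeps its full strength once the device's MAC is known, so factory credentials should be generated independently of any identifier the device discloses.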

  2. Dr Scrum Master

    Dear Lizard Squad,

    Please do something useful such as launching a DDoS against websites with auto-play videos on their pages.
