My router is not secure! - Security & Cryptography
Users browsing this thread: 5 Guest(s)
|
|||
Today, I switched ISPs, and now I'm in Turkcell Superonline (really doesn't matter who. They are all evil, after all) and they gave me a brand new router (actually, I do not own it, I have it as long as I'm using their services).
The router is an AirTies Air 6372, with the firmware 6372SO. Right in the moment I saw the firmware was also branded by Superonline, I became furious and looked everywhere in the web interface if I could see something going wrong. And I discovered that, * device logs and reports aren't accesible * every text in "port forwarding" is removed yet the form is there And they actually forgot removing one little button which read "advanced" in a "quick reports" type of a tab (which didn't really tell much). I clicked on it, and bam! "Access denied." Now for the big deal... "Remote Management". I went there, to see that "Ping", "Telnet", "Web" are all checked, but in the "IP List to Allow Access" list, there were pre-defined networks, and when I ran whois on them, I found out that they all belonged to Superonline! Great... So I deleted them all, and tried to add my own IP address. Didn't work, the input was disabled. I did some HTML trickery (inspect element, remove lines, etc.) to get past the obstacle and added my own server's IP. And it showed on the list, but I couldn't telnet into it (connection refused) Ran a nmap on the router to find out a dozen of irrelevant ports open to the public. Backdoors, I'm afraid! I have VoIP phone records, passwords, MAC addresses, or even private information (carried on the router by the USB host feature) on my router. Nobody except me should be able to access it all. The ISP is solely responsible with giving me an username and a password. Which brings me to my last point, on the router, I have an admin account, yes. In my previous router which was also an AirTies, I had an admin account too, but I wouldn't enter a username. But this time, I had to use the default username "admin". Which trivially proves that there are other login accounts on the machine, and one of them are presumably the highest level administrator, equal to the root account. When you ask the manufacturer for the details, they kindly ask you to piss off. Taking into account the fact that they have root access to my router and they won't give it to me, am not I in a very dangerous position in terms of security and privacy? Can't they easily adjust the Quality of Service settings on my router, without my knowledge, and render forwarding the ports useless? I live in a country where the government does MITM attacks using fake root certificates, and I could easily say that this compant has close relations with the government and my personal information could be at the evil hands of capitalism right now. And all of this, is for what? Okay, my connection is limited, that's OK, but this is certainly a wreck for power users. If they get my data, they really won't be interested in my Facebook passwords, but rather my daily habits, etc. and provide more suitable ads personally for me, just so I hand my money off to them at my own free will. I really need help from you guys, as you can clearly see, I'm worried. |
|||
|
|||
This might be a stupid comment, but could you not install tomato firmware on this router? I don't know if this fixes some problems or not, just thought I'd try!
--
Unix is user-friendly. It's just picky about who its friends are. |
|||
|
|||
Can't you just buy another router to replace the one they gave you by adding the same connection informations to the new router?
|
|||
|
|||
(21-06-2014, 11:57 PM)exp0sure Wrote: This might be a stupid comment, but could you not install tomato firmware on this router? I don't know if this fixes some problems or not, just thought I'd try! My make/model isn't supported in any of these firmwares. (22-06-2014, 02:32 AM)venam Wrote: Can't you just buy another router to replace the one they gave you by adding the same connection informations to the new router? I can, but do I have to? Is this really what I must do in the end? |
|||
|
|||
You can get routers for a really cheap price these days. Furthermore, you might need it for some other networking projects. Buying a router is the way to go.
|
|||
|
|||
New router is the way to go like venam said
|
|||
|
|||
1) is the "router" in routed mode, or pass-thru? The easiest way to tell is whether you get a public IP on your box when you get an IP -- if you do get a public IP, then its in pass-thru mode.
2) Regardless of whether you're in routed or pass-thru mode, you should probably stand-up a firewall between their link and you. My advice: subscribe to a VPN service and have your firewall automatically establish a VPN to said service so everything leaving your local link is encrypted. This prevents the NSA (or its local equivalent) from being able to eavesdrop your link. 3) If you can spring the cash, get a commercial firewall such as a Palo Alto Networks PA-200 or a SonicWall NSA220. If you can't, take an old workstation and throw a second NIC in it and load your *nix of choice (pf-tables makes a great little firewall.) |
|||
|
|||
It is ridiculous how many vulnerabilities there are in modern routers. For example, my modem has a default anonymous FTP account with no password, that I've personally checked is pretty damn hard to find unless you specifically google the router for similar information.
|
|||
|
|||
(24-07-2014, 07:17 PM)dami0 Wrote: It is ridiculous how many vulnerabilities there are in modern routers. For example, my modem has a default anonymous FTP account with no password, that I've personally checked is pretty damn hard to find unless you specifically google the router for similar information. It is pretty much the same for anything coming from factories in China or any other factory. I once realized a security system had captured something on film that I didn't want it to capture on film, so I tried to telnet into the IP of the main system and got a response. I figured it was running some type of *nix and naturally assumed such a small system would be running something like busybox. I googled the default password for the root account provided with busybox and sure enough, it worked. I logged in and rm -rf'd the entire system. No video evidence for you, faggot. |
|||
|
|||
It is pretty much the same for anything coming from anywhere. The security situation for CPE has been horrible for a decade, or maybe even more, but only since the first big discoveries security researches have focused on it more and more the whole situations has been brought to public attention.
|
|||
|
|||
yes they have firmware with backdoors... just came out week ago
root with passwords: SoL_FiBeR_1357 dsl_2012_Air ... |
|||
|
|||
you could try and flash tomato or dd/open wrt, but since you don't own the router they might try and charge you for it in the end (voided warranty). i suggest just getting a new router and using it in it's place, they're cheap and easy to install.
|
|||
|
|||
you should look my tweet here bro: https://twitter.com/PvtMert/status/550389044983898112
and https://twitter.com/PvtMert/status/550388186334396418 |
|||