Wireless Insecurity

It looks like the wireless routers we all use are getting some attention, and not for the insecurity we all know about in 802.11 wireless itself. Last week the Linksys WRT54G was reported to allow remote users access to the admin console even when remote administration was turned off. If the owner hadn't changed the default password, that was an immediate problem.
What could happen? I'm just thinking here, but a hacker could potentially set the Linksys to allow all ports through to your desktop. So all of you who have been letting the Linksys do the work, not running a desktop personal firewall and not doing your patching, would be in serious trouble.
Is something like this going to end up in a worm? More likely a hacker would scan a range of known cable-modem/DSL IP addresses to collect vulnerable Linksys routers, then do the work of reconfiguring each one as necessary, then try to own your box. Just when you think you're secure, you're busted.
Enough about last week's vulnerability. This week the NetGear WG602 is reported by Ars Technica to suffer from a trapdoor left by a Netgear partner.
Any user logging in with the username "super" and the password "5777364" is in complete control of the device.
Fortunately this can't be reached by just anyone on the Internet, unlike the Linksys problem.
Unfortunately, they don't seem to provide a way to restrict administration to only the WIRED portion of the local network. The Orinoco would let us keep wireless users from administering the product.
So to hack my Netgear you need to be in my house connected via the wired network, or you could be outside my house trying first to break my wireless security. Of course, if you did either of those you'd pretty much have direct access to my network anyway.
With all the easier targets out there, you'd need to be specifically after me to go to all that trouble to break into the Netgear.
In an informal survey of systems between my home and office, more than half were running Linksys. I did not stop to see if the Linksys routers were vulnerable. 🙂
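A practical check for both problems above (the Linksys admin console answering remote users, and the Netgear "super"/"5777364" account), added here as an example and not code from the original post or from either vendor: run it against your own gateway once from outside (the WAN side) and once from inside the LAN, and it reports whether the admin page answers at all and whether any default or backdoor credential is accepted. It assumes the admin console uses HTTP Basic authentication on a path you choose (the real devices' paths are not given on the page), and the credential list apart from the Netgear pair is an assumed set of common factory defaults. The embedded fixture server is a constructed stand-in that accepts exactly the Netgear credential, so the script runs offline.

```python
"""Audit a SOHO router's HTTP admin interface: does it answer from here,
and does it accept any default or backdoor credential?

Added example, not code from the original post or from Linksys/Netgear.
Assumes the admin console uses HTTP Basic authentication; the path and
the credential list are assumptions to adjust for your own device.
"""
import base64
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Credentials worth trying against your own gateway. "super"/"5777364" is the
# Netgear WG602 account the post describes; the others are common factory
# defaults assumed here for illustration.
CREDENTIALS = [
    ("admin", "admin"),
    ("admin", "password"),
    ("super", "5777364"),
]


def _basic_token(username, password):
    """Encode username:password the way the Authorization header expects."""
    return base64.b64encode(f"{username}:{password}".encode()).decode()


def admin_login_status(host, port, username=None, password=None, path="/", timeout=3.0):
    """GET the admin path, optionally with Basic credentials.

    Returns the HTTP status code, or None if nothing answered (port closed,
    filtered, or timed out). A None from the WAN side is what you want to see
    when remote administration is supposed to be off.
    """
    headers = {}
    if username is not None:
        headers["Authorization"] = "Basic " + _basic_token(username, password)
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers=headers)
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()


def audit_admin_interface(host, port, credentials=CREDENTIALS, path="/"):
    """Report whether the admin page is reachable and which credentials it accepts.

    Run this once from outside (the WAN side) and once from inside the LAN:
    the interface should be unreachable from outside, and no entry in
    `credentials` should be accepted from anywhere.
    """
    report = {"reachable": False, "accepted": []}
    if admin_login_status(host, port, path=path) is None:
        return report
    report["reachable"] = True
    for user, pw in credentials:
        if admin_login_status(host, port, user, pw, path=path) == 200:
            report["accepted"].append((user, pw))
    return report


class _FixtureHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a router admin page protected by Basic auth."""
    expected_token = ""  # overridden per fixture instance

    def do_GET(self):
        if self.headers.get("Authorization") == "Basic " + self.expected_token:
            status, body = 200, b"<html>admin console</html>"
        else:
            status, body = 401, b"Unauthorized"
        self.send_response(status)
        if status == 401:
            self.send_header("WWW-Authenticate", 'Basic realm="router"')
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the fixture quiet
        pass


def start_fixture_router(username, password):
    """Start a local fake admin page that accepts exactly one credential.

    Returns (server, port); call server.shutdown() and server.server_close() when done.
    """
    handler = type("FixtureHandler", (_FixtureHandler,),
                   {"expected_token": _basic_token(username, password)})
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    # Self-check against the constructed fixture; point audit_admin_interface
    # at your own gateway's address (and real admin path) to audit a real device.
    server, port = start_fixture_router("super", "5777364")
    print(audit_admin_interface("127.0.0.1", port))
    server.shutdown()
    server.server_close()
```

Running the file as-is exercises the fixture and prints a report showing the Netgear credential accepted. To audit a real device, call `audit_admin_interface()` with the gateway's WAN address from a host outside your network, then with its LAN address from inside; a "reachable" result from outside means remote administration is exposed regardless of what the settings page says, and any non-empty "accepted" list means the device is wide open to whoever can reach it.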