One of the big pushes with ISPs is that they are there to help you and will provide you with everything you need to connect your home. Here in Central Florida we are bombarded by Bright House commercials about how they are here to help. In more than one case the techs they send out are contracted from another company to perform the installations and have very little knowledge of the products they are installing. Just recently I had one tell a friend that they “could not” use their router with their new RoadRunner hardware. They said it was incompatible and sold them a Bright House provided modem with “firewall” and wireless access point. Unfortunately the tech that set up the wireless portion used WEP as the encryption type and then made things worse by using a simple password. It was easily broken into with freely available tools in less than 5 minutes.
However, even beyond this type of incident (which happens more often than most might want to believe), the researchers that we talked about have found that some of the hardware cannot be secured at all. Chris Naegelin found that a certain commonly used model from Arris (the TG852) does not have some very basic security available to protect anyone using it.
One of the first things that Naegelin found was that users are unable to set their own WiFi passwords on the devices and are forced to use whatever is set up by the manufacturer. The most unbelievable part about the hardcoded password was that it is nothing more than the model number of the device combined with the last six characters of its MAC (Media Access Control) address. This makes the device exceptionally simple to hack from outside the network. Using simple and readily available tools you could find one of these wireless routers, sniff the packets to get the MAC address, and you are in.
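
For anyone who manages provisioned devices, the weakness described above can be checked for before a device ships. The following is an added example, not code from Naegelin or Arris: it flags Wi-Fi passphrases that can be rebuilt from the model number, MAC address or SSID. The inventory, its field names and the SSID check are assumptions, and because the article does not give the exact order or letter case of the real scheme, the check ignores both.

```python
import re

def _norm(s):
    """Lower-case and drop separators so 'AA:BB' and 'aa-bb' compare equal."""
    return re.sub(r"[^0-9a-z]", "", s.lower())

def derivable_reasons(passphrase, model, mac, ssid=""):
    """List the ways a passphrase can be rebuilt from data the device exposes."""
    p, m, mac_hex = _norm(passphrase), _norm(model), _norm(mac)
    if not re.fullmatch(r"[0-9a-f]{12}", mac_hex):
        raise ValueError(f"not a MAC address: {mac!r}")
    tail = mac_hex[-6:]  # the "last six characters" the article refers to
    reasons = []
    if m and m in p:
        reasons.append("contains model number")
    if tail in p:
        reasons.append("contains last six MAC characters")
    if m and p in (m + tail, tail + m):
        reasons.append("is exactly model + MAC tail")
    s = _norm(ssid)
    if len(s) >= 4 and s in p:  # assumption: SSIDs are broadcast, so also guessable
        reasons.append("contains SSID")
    return reasons

# Constructed inventory (hypothetical field names); MACs use the
# documentation range 00:00:5E:00:53:xx, passphrases are made up.
INVENTORY = [
    {"id": "cpe-1", "model": "TG852", "mac": "00:00:5E:00:53:A1",
     "ssid": "HOME-53A1", "psk": "TG8520053A1"},
    {"id": "cpe-2", "model": "TG852", "mac": "00:00:5E:00:53:B2",
     "ssid": "HOME-53B2", "psk": "correct-horse-battery-staple"},
    {"id": "cpe-3", "model": "TG852", "mac": "00-00-5e-00-53-c3",
     "ssid": "HOME-53C3", "psk": "wifi-0053c3!"},
]

def audit(inventory):
    """Map device id -> reasons, for devices with a derivable passphrase."""
    findings = {}
    for dev in inventory:
        reasons = derivable_reasons(dev["psk"], dev["model"], dev["mac"], dev["ssid"])
        if reasons:
            findings[dev["id"]] = reasons
    return findings

if __name__ == "__main__":
    for dev_id, reasons in audit(INVENTORY).items():
        print(dev_id, "->", "; ".join(reasons))
```
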
Things actually get worse from there though. In addition to the simple and non-changeable WiFi password, Naegelin found that the admin password that allows you to change settings in the router is very insecure. Although it does change daily, the algorithm that picks the new password is based on the current date. He found, much to his surprise, that someone had already developed a way to generate the right password for the Arris TM602A that also worked with the newer TG852; what’s more, the password generator is available online!!
With this in hand someone would be able to do a ton of damage. However, it turns out that they would not even need it. All they would have to do is know how to format proper SNMP (Simple Network Management Protocol) commands and they could do whatever they wanted without needing the admin password. Right now there is no true count of the number of Arris routers that might be affected by this complete lack of security. So far Comcast has claimed that they use a different model of Arris modem with custom firmware and security settings.
Some say that airing this type of issue only helps the hackers that exist on the internet, and in a way they are right; however, there is a flaw in that logic. If someone can find that vulnerability in the same way that Naegelin did, it is very likely that someone else will. If that person is malicious they would use it on a number of unsuspecting people and cause who knows how much damage. Bringing these types of flaws and the sheer lack of proper security to light forces companies to do the right thing and fix these flaws before people are injured. We have seen this happen more and more as attacks increase. The security that should have been there all along is now put into place and properly maintained.
The people at fault here are the manufacturers and service providers that try to cut corners to extend their own profits, while leaving their customers at risk. To be very honest with you, we have to wonder how many other devices provided to customers by their ISPs are open to attack, and whether they already know about it but just do not want to spend the money to fix it.