Wireless routers are very common in homes in China nowadays. Unfortunately, properly secured wireless routers are not. Many are still not configured with a network key. This creates a serious security problem.
To demonstrate, just from my home I can easily find a wireless router with no network key. Most of these routers provide a DHCP service, so my laptop can obtain an IP address and access the Internet using that router.
Having obtained an IP address, I run the command “ipconfig /all” to get the IP address of the gateway (router). Then I access that IP via HTTP using Internet Explorer. I get a prompt for a username and password. From this prompt, I learn that the router is manufactured by TP-Link. I easily find the default username and password for this router online. I try the defaults, and I am in luck.
I am now logged into the wireless router’s administration page. No advanced technology was needed. To a person with malicious intentions, the possibilities are great.
To test how prevalent this problem is, I use my mobile phone with WiFi capability and find many wireless routers around my home. Many are not secure, and many have the default admin username and password.
So secure your wireless router. Changing the default admin password and setting up wireless security just takes a minute, but it goes a long way in preventing a big security problem.
March 27th, 2008 at 12:12 am
My advise for wireless routers vendors is, make every router’s password random and unique. Write it on the back of the router, so this will defeat “Default Password Login Attack”.
For tech people, change the password weekly, to be secure.
Password management is not for computer accounts only, but also for networking/security devices. I’ve accessed many wireless routers using “admin/admin” or “admin/password” combination.
ISP’s should follow this, because they usually install “DSL modems + wifi” using the default vendor password.
http://extremesecurity.blogspot.com