How secure is your wireless modem?

One of my computer-savvy friends visited today and told me how to hack into someone's wireless modern to have free internet access. It seems there are a bunch on little programs floating around that ride in on a wi-fi signal and retrieve the modem's password. They can only retrieve the default password installed by the manufacturer. If the user changes the password, the new one is stored in a secure place where it can't be hacked.
So, if you don't want the kid next door stealing bandwidth while you are trying to watch a movie on the web, change your modem's password.

I'm not sure how they could get the modem password and not a changed modem password. Either nothing or both. Perhaps a more savvy network type can weigh in.

You can build a house with high walls, razor wire, alarm systems etc.
But if a real thief wants to get in they will. In fact those are the houses that a real thief targets, because they beleive you have something worth stealing.

Is bandwidth worth stealing? If it is then consider it stolen.

Paranoia strikes deep, into your life it can creep.
It starts when you're always afraid, step outa line, the man come and take you away.

Chill

you nailed mr. zen woodle

HelperGuy wrote:I'm not sure how they could get the modem password and not a changed modem password. Either nothing or both. Perhaps a more savvy network type can weigh in.

Probably a better way to put it would be to say that a hacker could use the default password which is usually pretty available in most manuals to get in as most people do not bother to go in and change it although that is what is recommended. But, if the user changes the default password, like they are supposed to, a hacker can not get in using the default password.

HelperGuy wrote:I'm not sure how they could get the modem password and not a changed modem password. Either nothing or both. Perhaps a more savvy network type can weigh in.

They do it by using a collected list of passwords the manufactures use for example "admin".
They don't break into the modem, they logged on with default password which is public basically.

Z

OK, I am confused. I thought the only way to access the modems software, to make password changes etc., was to be "hard wired" to the computer. As far as the password to connect wirelessly goes it is usually either "unprotected" whereby you can create your own or supplied with a 13 digit WEP Key #. Very difficult to hack.

Don't use WEP, use WPA as it is much more secure.

Key Management and updating is poorly provided for in WEP Secure key management is built-in to WPA, so key management isn’t an issue with WPA. Message integrity checking is ineffective WEP message integrity proved to be ineffective. WPA uses a Message Integrity Check (MIC) called, Michael! Due to the hardware constraints the check has to be relatively simple. In theory there is a one in a million chance of guessing the correct MIC. In practice any changed frames would first need to pass the TSC and have the correct packet encryption key even to reach the point where Micheal comes into operation. As further security Michael can detect attacks and performs countermeasures to block new attacks.

Okay, I'll run through a couple of things.

- Yes, it's easy to get the basic passwords for third-party routers. They are available on the website. It is pretty hard to change that password unless you have direct access, as CBob suggests. And any router can be reset to factory defaults if the password has been changed by the owner. Again, however, you need direct access.
- However, I believe the topic is wireless access, and that does not require or have anything to do with the modem. There are techniques that allow you to discover the router wireless security key (WEP, WAP, etc.) as long as you can see the signal. This is, however, extremely difficult and time consuming and in no way can be accomplished by a casual, or even serious, passerby.
- There is no need to change any password: what the perp is looking for is a way in. As soon as he discovers it, he can log in and ignore the password (unless part of his jollies comes from changing it on you).
- Commercial IP modems each have their own password requirements. For example, TelMex modem/routers have a built-in set. You can see the ID (a very weird email address), but not the password. This set is the same across the board. They do this to prevent the millions of phone calls that come in when the local TelMex office neglects to set you up with your own set for logging in. Even if you do get your own set, you do not need to use it (imagine the fun when, resetting your modem because you lost the Internet, you then had to remember --a perhaps non-existent-- ID and password).

So in the end, remember the distinction between getting access to the modem or router, and getting access to your network (everything that's plugged into the modem). And if you don't use wireless, it can be turned off; once that happens, no one can get in.

CanuckBob wrote:OK, I am confused. I thought the only way to access the modems software, to make password changes etc., was to be "hard wired" to the computer. As far as the password to connect wirelessly goes it is usually either "unprotected" whereby you can create your own or supplied with a 13 digit WEP Key #. Very difficult to hack.

Knowing the password is not enough, you have to give invited guests the "Security Key" for them to use the WI-FI. (IN or near the house)

(But while I was unsetting then resetting they were able to get on/through with their I-phones)

lifehacker wrote:

I have the open-source router firmware DD-WRT installed on my router and I was unable to use Reaver to crack its password. As it turns out, DD-WRT does not support WPS, so there's yet another reason to love the free router-booster. If that's got you interested in DD-WRT, check their supported devices list to see if your router's supported. It's a good security upgrade, and DD-WRT can also do cool things like monitor your internet usage, set up a network hard drive, act as a whole-house ad blocker, boost the range of your Wi-Fi network, and more. It essentially turns your $60 router into a $600 router.

Thats like those flashrouters I posted, but they also have VPN firmware burned in, customized to the VPN service you select.

CanuckBob wrote:OK, I am confused. I thought the only way to access the modems software, to make password changes etc., was to be "hard wired" to the computer. As far as the password to connect wirelessly goes it is usually either "unprotected" whereby you can create your own or supplied with a 13 digit WEP Key #. Very difficult to hack.

Telmex can log onto your router/modem (telmex box) over the network. If they can I can't imagine why the bad guys couldn't.
I was lucky enough to work with some high level security folks and I learned to never say never quite quickly. We were after
some Russian hacker and man was he/she was smart.

Z

Zedinmexico wrote:

CanuckBob wrote:OK, I am confused. I thought the only way to access the modems software, to make password changes etc., was to be "hard wired" to the computer. As far as the password to connect wirelessly goes it is usually either "unprotected" whereby you can create your own or supplied with a 13 digit WEP Key #. Very difficult to hack.

Telmex can log onto your router/modem (telmex box) over the network. If they can I can't imagine why the bad guys couldn't.
I was lucky enough to work with some high level security folks and I learned to never say never quite quickly. We were after
some Russian hacker and man was he/she was smart.

Z

That's not only because they are networked into every router they have in their system... but because the ID and password is the same for all. And of course there is always a back door built in for the ISP to use.

OK this is how I have my WiFi set up. But before I get into that I want to say, I use cat5 for everything I can. However in today's environment with smart phones and tablets you are forced to have WiFi as part of your infrastructure. So my first layer of security is that I do not broadcast my ssid ( not secure in its self). My next layer is I use WAP encription ( not secure in its self or with layer one). My last layer is I use Mac authentication (this is were most of my security comes from). Truth be told it is all but impossible to completely secure a WiFi network. My goal is to make it so difficult that the average curb slug will simply move to the next spot. With that said the way I have secured my WiFi has also required me to administer the network any time someone new wants to join it. I started war driving about 12 years ago and have experimented with every thing from the pringals can to the pinaple. Security alway plays a balancing game with convenience. So if you are not willing to give up any convenience just be weary what you have on your network. Just my $.02