A few weeks ago, one of my co-workers showed me how he monitors his home internet connection remotely using DynDNS. After answering a few of my questions, I realized that all he was doing was exposing his wireless router’s web configuration console on port 80. I cautioned him that this was a really bad idea, as hackers love these kinds of trivial-to-hack devices. But he seemed to doubt that the danger of being hacked was real, and insisted that it was safe enough. Long story short, with the incentive of a free lunch, I decided to take up the challenge of hacking into his system.
The result? I got my free lunch (I am not going to give any details on the techniques I used, but many similar techniques are readily available on the internet, and some do not require any technical background at all!), and it took me just a few minutes to render his site inaccessible from the outside world.
Since most cheap routers (wired and wireless) are aimed primarily at home use, their security features are often quite simple, and their capabilities are correspondingly limited. It is therefore much easier (in general, of course) to break into these devices than into full-fledged operating systems. My co-worker’s router was a Belkin Wireless G Router F5D7232-4, and apparently it has some serious security flaws, including this one: no default password (he had set a password himself, otherwise the hack would have been even more trivial).
This particular Belkin router actually has a mini Linux OS built in, and this raises another reason why we shouldn’t leave its administrative web interface accessible over the Internet: since the device is cheap and has to run the Linux kernel, it cannot have a particularly powerful CPU. Thus even a small amount of traffic can overwhelm its ability to serve requests. And sure enough, in a later experiment, I found out that just a few dozen simultaneous pings could achieve a pretty successful DoS attack.
So, here is my advice: never enable the option to allow remote administration on your home router (including DSL routers and cable modems), disable the DMZ, and block all unnecessary incoming ports (e.g. telnet, ftp, etc.).
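To verify that the advice above has actually taken effect, here is a small self-check script (an added example, not part of the original post) that reports whether the services mentioned, the web admin console on port 80, telnet and ftp, accept TCP connections on your router's public address. The service list, function names and the loopback self-test listener are my own choices; the script must be run from a host outside your own LAN (a phone hotspot or a remote server), because from inside the LAN you would only be testing the router's LAN-side interface.

```python
"""Exposure self-check for a home router's WAN side.

Added example, not code from the original post. Run it from OUTSIDE your
LAN against your public address; the services and names are assumptions.
"""
import socket
import sys

# Services the post recommends keeping closed to the Internet (constructed list).
DEFAULT_SERVICES = {"web-admin (http)": 80, "telnet": 23, "ftp": 21}


def port_accepts_tcp(host, port, timeout=2.0):
    """True if a full TCP handshake completes, i.e. something is listening."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def audit_exposure(host, services=DEFAULT_SERVICES, timeout=2.0):
    """Map each service name to whether it is reachable on `host`."""
    return {name: port_accepts_tcp(host, port, timeout)
            for name, port in services.items()}


def report(results):
    """Human-readable findings; every reachable service is a finding."""
    lines = []
    for name, reachable in results.items():
        if reachable:
            lines.append(f"EXPOSED: {name} is reachable from outside; "
                         f"disable remote administration or block the port")
        else:
            lines.append(f"ok: {name} is not reachable")
    return lines


def start_local_listener():
    """Bind a loopback listener on an ephemeral port for self-testing the
    checker without touching a real device. The kernel completes the
    handshake for queued connections even though accept() is never called."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print("\n".join(report(audit_exposure(target))))
```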