#1 By: Chris Hoffman, October 19th, 2013 06:41
Originally published at: http://www.howtogeek.com/173921/secure-your-wireless-router-8-things-you-can-do-right-now/
A security researcher recently discovered a backdoor in many D-Link routers, allowing anyone to access the router without knowing the username or password. This isn’t the first router security issue and won’t be the last.
#2 By: Erik Hicks, October 19th, 2013 16:39
QUOTE: "However, most routers offer a “remote access” feature that
allows you to access this web interface from anywhere in the world.
Even if you set a username and password, if you have a D-Link router
affected by this vulnerability, anyone would be able to log in without
HTG, you didn't elaborate on the specific vulnerability - which is the backdoor purposely placed in the D-Link firmware present on many D-Link routers. With remote administration enabled, this allows anyone with a specifically-set browser agent string to override the credentials check. The agent string is "xmlset_roodkcableoj28840ybtide" ("edit by 04882 joel backdoor" in reverse). How nice.
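A defender's check for the User-Agent string quoted in the post above, as an added example that is not part of the original thread or of any vendor code: it scans HTTP access logs for that string and marks hits that come from outside the LAN. The Combined Log Format input (for instance from a proxy or IDS in front of the router), the 192.168.0.0/24 LAN subnet, the /admin.html path and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# User-Agent value quoted in the post above; its presence is the indicator.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"

# Assumed LAN subnet; adjust to the network being monitored.
LAN = ipaddress.ip_network("192.168.0.0/24")

# Combined Log Format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def find_backdoor_requests(lines):
    """Return one dict per request whose User-Agent carries the backdoor string."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        if BACKDOOR_UA not in m["ua"]:
            continue
        try:
            from_wan = ipaddress.ip_address(m["ip"]) not in LAN
        except ValueError:
            from_wan = True  # unparseable source: treat as untrusted
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "request": m["req"],
            "status": int(m["status"]),
            "from_wan": from_wan,  # True means remote administration is reachable
        })
    return hits

# Constructed sample log lines (hypothetical path, documentation address range).
SAMPLE_LOG = [
    '192.168.0.10 - - [19/Oct/2013:16:01:02 +0000] "GET /index.html HTTP/1.1" 401 312 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.7 - - [19/Oct/2013:16:05:40 +0000] "GET /admin.html HTTP/1.1" 200 5120 "-" "xmlset_roodkcableoj28840ybtide"',
    '192.168.0.23 - - [19/Oct/2013:16:09:11 +0000] "GET /admin.html HTTP/1.1" 200 5120 "-" "xmlset_roodkcableoj28840ybtide"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for hit in find_backdoor_requests(SAMPLE_LOG):
        origin = "WAN" if hit["from_wan"] else "LAN"
        print(f'{hit["time"]} {hit["ip"]} ({origin}) {hit["request"]} -> {hit["status"]}')
```

A hit with `from_wan` set means the admin interface answered a request from outside the local network, so remote administration should be turned off on that device.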
#3 By: John Tod, October 19th, 2013 18:14
I had someone that was hacking my router wireless password and stealing massive amounts of bandwidth. I tried changing the password to something really complicated and they were still able to get in. They were probably using a hacker program designed for just that purpose. What I ended up doing was using MAC filtering to keep them out. Most if not all routers support this. If you get into the wireless menu it should be there. Click on MAC Client List or similar button and you should see who is connected at the moment. Have everyone that uses the router disconnect. Check again and there should be no one there. Have everyone reconnect and you should be able to select each one to add them to the MAC Client List. My router has "block" selected by default so be sure to select "allow" and then click the save button. Now no one else will be able to connect to the router even if they have the wireless password. It works really well because every internet-capable device has its own unique MAC address. If the address for their device is not in the list they cannot get in. This worked wonderfully for me.
#4 By: Naman Sood, October 20th, 2013 00:24
Mustn't be good hackers. A proper hacker would break into your filtering system, get a MAC, and suddenly he's connected.
#5 By: Goran Soče, October 20th, 2013 09:20
WPS has a serious flaw too. click
Most Wireless Routers these days come with WPS turned on by default, meaning no matter what encryption mechanism is used, the router can get hacked pretty fast (if in wireless range ofc).
#6 By: John Tod, October 20th, 2013 16:12
How can they break into the router to get a MAC address that is allowed to connect if they can't connect in the first place?
#7 By: Ronald Vargo, October 20th, 2013 17:40
Hey you forgot to mention Tomato firmware!
#9 By: Ryan C, October 21st, 2013 11:10
Since wireless is transmitted in the air, and not ONLY to the target computer, the data packets can be sniffed with any easily-available packet sniffer (Wireshark and tcpdump tend to be the most favored). The packet has to have both the source and the destination MAC address in clear text, otherwise, each computer wouldn't know which packets to process.
So while they couldn't connect without the information, they can easily see the packets as they're transmitted, even if it's in encrypted form. They just won't be able to decipher the actual contents.
#10 By: Tom Wilson, October 21st, 2013 16:49
Suggesting that people install alternative firmware is... dangerous.
It's very easy to brick a router while trying to install alternative firmware, especially when the installation method requires a two-step install.
I wouldn't suggest installing dd-wrt in the same breath as "change your admin password." Installing replacement firmware is something that only advanced users should attempt; it's definitely not a task for the people this article is aimed at.
#11 By: Naman Sood, October 22nd, 2013 06:08
Not exactly dangerous, but yes, not really too safe. And yes, people should only install custom firmwares they're sure about. But firmwares released by the manufacturer, they can be installed without any problem. If the router fails, you get to blame the company.