Pinterest Stumbleupon Whatsapp
Ads by Google

Is your router letting intruders onto your home network? Have you got everything secured or is there a backdoor (or even a front door) into your network and any devices connected to it?

We’ve recently learned that routers supplied to customers by a Spanish ISP (Internet service provider) have been incorrectly configured, potentially enabling intruders unfettered access to home networks across Spain. But is this weakness limited to Spain, and are there any other ISP-related problems that might result in your home network security being compromised?

You may be interested to know that Pirelli was purchased by ADB in 2010. As such, there is a good chance that this poor practice isn’t limited to one device in one country.

How To Bypass A Pirelli Home Router With Childlike Ease

As reported recently, security researcher Eduardo Novella discovered that Pirelli P.DGA4001N routers have a rather worrying bug. It’s around two years since Novella made the discovery, and in the meantime he has been patiently waiting for something to be done about it.

Sadly, it’s still there.

The bug is so simple to exploit that you don’t even need to be able to code in order to use it. All you need to do is enter the web-facing IP address of a router, suffix it with wifisetup.html (so something like 111.222.111.222/wifisetup.html) and you can start playing around with the router configuration. Expert hackers would then be able to start setting up routes into the network, start sniffing Internet traffic, potentially even attack a computer with no firewall installed.

Ads by Google

Here’s an illustration of the bug:

As demonstrated here, and on Novella’s proof of concept paper the default configuration on these routers, provided by a Spanish ISP, is frighteningly leaky.

Put simply (in case you didn’t know), there should be no access to the router’s administrator pages from outside of your home network. Similarly, there shouldn’t be any opportunity to enter a URL that takes you to a page without any form of authentication.

Anyone owning one of these devices should be worried.

Defend Against Hackers Using This Route Into Your System

Do you own a Pirelli P.DGA4001N router? If so, you’ll need to shore things up. Begin by checking if your ISP or your router vendor has issued a firmware update, to overcome the problem of welcoming hackers into your home.

Once this has been done, check to see if the problem is fixed. If it is, then you should be good to carry on, although given how remarkable this vulnerability is, you may have second thoughts, and purchase a new router with trusted security specifications.

Instead, you could install an alternative router operating system What Is OpenWrt And Why Should I Use It For My Router? What Is OpenWrt And Why Should I Use It For My Router? OpenWrt is a Linux distribution for your router. Like other Linux distributions, it offers a built-in package manager that allows you to install packages from a software repository. It can be used for anything that... Read More such as DDWRT or OpenWRT. These both offer enhanced configuration options and are by design more secure than the software that usually comes packed with routers Why Your Router Is A Security Risk & How To Fix It Why Your Router Is A Security Risk & How To Fix It Read More . Note that these are not the only options, however, and that other router firmwares are available The Top 6 Alternative Firmwares for Your Router The Top 6 Alternative Firmwares for Your Router Alternative firmwares offer more features and better functionality than stock firmwares. Here are some of the best ones to use. Read More .

Does Your Router Have A Similar Bug?

It should be a simple matter to check if your home router is similarly affected by this sort of vulnerability. Begin by signing into your router’s admin console and making a note of the Internet-facing IP address.

This can be done by opening your preferred browser, and entering the router IP, which you will find by opening a command prompt and entering ipconfig – the item labelled Default Gateway is your router. Here’s some more help in finding your IP address How to Trace an IP Address to a PC & How to Find Your Own How to Trace an IP Address to a PC & How to Find Your Own Read More .

muo-router-security-breaches-router-firewall

With the Internet-facing IP address noted, use your smartphone or 3/4G-ready tablet, disable Wi-Fi and connect to the web through your mobile provider. In your browser, enter the IP address you noted down.

What should happen is that nothing will load, or you’ll be bounced to the ISP’s homepage. What you shouldn’t see, however, is a welcome page or a notice from your PC saying that Internet services haven’t been set up. While you’re checking, follow the example in Eduardo Novella’s report above and check the various pages in your router’s admin console (use the addresses displayed on your desktop browser). Hopefully, nothing should be revealed.

muo-router-security-breaches-test-wordpress

You’ll be interested to know that I have tried this, and found, to my surprise, that I was looking at a test webpage set up with Bitnami How To Try Out Wordpress, Joomla & More Quickly & For Free In a Virtual Machine With Bitnami How To Try Out Wordpress, Joomla & More Quickly & For Free In a Virtual Machine With Bitnami We've talked about setting up a local server before, but the process is still fairly complicated and there's lots of quirks and incompatibliities if you're trying to run it on Windows, leading to nothing but... Read More on my computer. The reason for this was quickly established; my router firewall security level had been set to Low, presumably as part of a firmware update from my ISP.

We would recommend you check the security of your router as soon as possible. Let us know if you discover anything untoward.

  1. UnhappyGhost
    February 11, 2015 at 1:59 am

    I never WANT it changed nor demanded it, it was totally your choice to take it or ignore it. I honestly was trying to help you show an error on the post which only kept me and other people at work wondering how could an author of a blog with huge followers didn't realize it or may be at least we must put a word here in the comment to help it correct. I am a corporate trainer and attend not less than 12K-15K students per quarter year and I usually recommend them good tech blog which includes yours as well, and being a true fan follower of this blog I shall never step back to help you guys with little suggestions and correction. As usual I will leave one more suggestion Mr.Cawley that, being a blogger we got to have much more open approach and better attitude to handle incoming suggestions/criticism and not end up looking bad by humiliating the people who follow your blog!

    • Christian Cawley
      February 12, 2015 at 9:21 am

      Puzzled. How exactly have I humiliated you?

    • Rama
      March 1, 2015 at 6:05 pm

      Funnily, that mashed example IP address did make me think the author had no real world experience. And yes, I enjoyed the post! ;)

  2. UnhappyGhost
    February 9, 2015 at 11:21 am

    You can call me that, but in reality it sounds as if someone was telling the spelling for CAT is DOG :P

    • Christian Cawley
      February 10, 2015 at 8:15 pm

      Reality? You should perhaps pinch yourself, the similarities are quite minor, especially as the IP address as illustrated isn't an instruction, so no one is telling anything for anything else.

      However, it does jar, so I will change it. Only because it jars with me, mind you, not because you want it changing.

  3. UnhappyGhost
    February 5, 2015 at 3:58 pm

    I agree, but it is totally not right to mention any numerical value above 255 in an IPv4 address, instead 10.20.30.40 could also be used!

    • HappyCat
      February 9, 2015 at 5:54 am

      Someone is being a IP grammar nazi...
      let me give you some more invalid ipv4 address's 8.8.256.8 255.255.456.345

  4. UnhappyGhost
    February 1, 2015 at 1:29 am

    Kindly make note, the section where you mentioned "111.222.333.444/wifisetup.html" I totally understand that it is to keep things simple for an example but it is very wrong to depict it that way. An IP Address can NEVER exceed 255, so kindly update it with another relevant example like 192.168.1.1 which is a commonly pre-configured default IP Address on most of the Wifi routers and modems. Thanks and the article really well written!

    • Victor
      February 5, 2015 at 9:41 am

      Actually, I believe the 111.222.333.444 is a global IP he's referring to. The 192.168.1.1 is a local ip address. This article is concerning the fact that people can configure your internet connection without having to be on the network itself.

  5. Jon
    January 31, 2015 at 9:31 pm

    This is why I put my ISP provided Router+Modem in bridge mode with the wireless disabled and use my own router.

Leave a Reply

Your email address will not be published. Required fields are marked *