Is your router letting intruders onto your home network? Have you got everything secured or is there a backdoor (or even a front door) into your network and any devices connected to it?
We’ve recently learned that routers supplied to customers by a Spanish ISP (Internet service provider) have been incorrectly configured, potentially enabling intruders unfettered access to home networks across Spain. But is this weakness limited to Spain, and are there any other ISP-related problems that might result in your home network security being compromised?
You may be interested to know that Pirelli was purchased by ADB in 2010. As such, there is a good chance that this poor practice isn’t limited to one device in one country.
How To Bypass A Pirelli Home Router With Childlike Ease
As reported recently, security researcher Eduardo Novella discovered that Pirelli P.DGA4001N routers have a rather worrying bug. It’s around two years since Novella made the discovery, and in the meantime he has been patiently waiting for something to be done about it.
Sadly, it’s still there.
The bug is so simple to exploit that you don’t even need to be able to code in order to use it. All you need to do is enter the web-facing IP address of a router, suffix it with wifisetup.html (so something like 18.104.22.168/wifisetup.html) and you can start playing around with the router configuration. Expert hackers would then be able to start setting up routes into the network, start sniffing Internet traffic, potentially even attack a computer with no firewall installed.
Here’s an illustration of the bug:
As demonstrated here, and on Novella’s proof of concept paper the default configuration on these routers, provided by a Spanish ISP, is frighteningly leaky.
Put simply (in case you didn’t know), there should be no access to the router’s administrator pages from outside of your home network. Similarly, there shouldn’t be any opportunity to enter a URL that takes you to a page without any form of authentication.
Anyone owning one of these devices should be worried.
Defend Against Hackers Using This Route Into Your System
Do you own a Pirelli P.DGA4001N router? If so, you’ll need to shore things up. Begin by checking if your ISP or your router vendor has issued a firmware update, to overcome the problem of welcoming hackers into your home.
Once this has been done, check to see if the problem is fixed. If it is, then you should be good to carry on, although given how remarkable this vulnerability is, you may have second thoughts, and purchase a new router with trusted security specifications.
Instead, you could install an alternative router operating system such as DDWRT or OpenWRT. These both offer enhanced configuration options and are by design more secure than the software that usually comes packed with routers. Note that these are not the only options, however, and that other router firmwares are available.
Does Your Router Have A Similar Bug?
It should be a simple matter to check if your home router is similarly affected by this sort of vulnerability. Begin by signing into your router’s admin console and making a note of the Internet-facing IP address.
This can be done by opening your preferred browser, and entering the router IP, which you will find by opening a command prompt and entering ipconfig – the item labelled Default Gateway is your router. Here’s some more help in finding your IP address.
With the Internet-facing IP address noted, use your smartphone or 3/4G-ready tablet, disable Wi-Fi and connect to the web through your mobile provider. In your browser, enter the IP address you noted down.
What should happen is that nothing will load, or you’ll be bounced to the ISP’s homepage. What you shouldn’t see, however, is a welcome page or a notice from your PC saying that Internet services haven’t been set up. While you’re checking, follow the example in Eduardo Novella’s report above and check the various pages in your router’s admin console (use the addresses displayed on your desktop browser). Hopefully, nothing should be revealed.
You’ll be interested to know that I have tried this, and found, to my surprise, that I was looking at a test webpage set up with Bitnami on my computer. The reason for this was quickly established; my router firewall security level had been set to Low, presumably as part of a firmware update from my ISP.
We would recommend you check the security of your router as soon as possible. Let us know if you discover anything untoward.