Well, this will be a quick post but very important one.
Scrolling through my Facebook feeds, i stumbled across a post from a technology page regarding a vulnerability in some Wireless ASUS Router with USB network storage capabilities. The fact was that anybody could access the contents of the devices without passwords and without much efforts. From wedding pics, to music files to personal videos; everything! After some diving, i found that some people have already had their data stolen by some malicious guy asking for $50 to return the data.
More after the break line..
As I said in the intro, i came across this post to an article from a security site talking about a vulnerability in some ASUS Router that allows any attacker to have full access over the data stored in any device you plug in the router to share over your LAN using the router’s USB Network Storage capabilities.
For those who are somehow lost; there are some Routers (device that lies between your internet line and your personal network to distribute network connection to your devices) that allows you to share the contents of your USB device by plugging in to the router. You access the data from over LAN using any FTP client (a software that allows you to browse a network folder using the FTP protocol.)
The site also blamed the users of such systems to be using default configurations and that made them extremely vulnerable. If you did not get the point; well let’s take as example you have a device AFED X342; a router*. When you set it up, you leave the default configuration (default login username and password). So, unless you are on some third-world planet, almost everybody has an Internet-enabled device connected to the Internet, and a simple search over Google will give you the default login credentials of this device; which can be admin/admin , admin/1234 or simply blank/blank .
In the case of those ASUS devices, the default configurations was the standard default FTP credentials; anonymous/blank . So, if you have the address of the FTP device, you can connect to the device and get access to any file stored on the device. And that’s exactly what happened; someone did a search using a specialised software and dumped the addresses of around 12k+ vulnerable users.
FOR INQUIRY/EDUCATIONAL PURPOSES ONLY, i decided to look at the possibilities of the malicious guy.
- First, i got a copy of the 12000 addresses and picked out addresses randomly; some addresses were up and running while others did not. Got to find a way to know which one did and which one did not. Solution; A script!
- My Linux machine was already up and running so time to write some codes. The principle was simple; ping the device, if it responds; that means it up! But there is no way for me to ping 12000 addresses only to have one or two addresses for research purposes. So found a script, that took the list, pinged it and return a list of those machines who was up and running. Took some aweful time for even the first ten as it was on a virtual machine. Once some addresses were in hand, time to test the connection.
- Even if some addresses ping results showed that the router was powered-on, for some reason the FTP connection failed. But some did not! Among those data accessible to the world was Private movie collections, private music collections, wedding pics and videos, Downloads folder (including pirated copies of softwares!) !!.
Ok! What’s the point of all these? Remember that these data are supposed to be private and that only those on your Local-Area-Network (so, for sure is your closed-circle) are ‘allowed’ to have access to these files; but now, these files are up on the Internet! or rather accessible from the Internet. What the malicious guys can do are unlimited and of course including but not limited to stealing those data or misuse them (your wife’s and kids’ pics, your office documents backups!! – these systems are used most of the time for backups!! ). And actually, on some addresses, i found that the guys have been around, they stole the data and left only a text file asking for an ransom of $50 to return the data.
My advice to you pals out there; please take some time to change your default passwords; even though this vulnerability is technical further than default credentials; still if anyone gets access to you network; somewhere somehow theres a door protecting you. This applies not only for routers, but also to phones, websites, emails, etc etc.
Hope that this post helps!
Do not forget to share with your friends to make them aware of that!
Sharing is caring,
Caring is loving !!
– Somebody very dear to me (May Allah bless you always)
DISCLAIMER: NO UNETHICAL ACTS WERE COMMITED DURING THE COURSE OF THIS RESEARCH (INCLUDING BUT NOT LIMITED TO STEALING/COPYING/ALTERING OF PERSONAL DATA OF OTHERS!
That’s all buddies;