Possible Vulnerability in "Wireless Bluebox" (Linksys WRT54G) Found
So, I'm a big believer in hardware firewalls (as
opposed to software firewalls like ZoneAlarm), and I'm likely to have a
client install a LinkSys Firewall/Router even if they only have one
computer hooked up the the Internet via a broadband connection. I
myself have used the wired LinkSys routers for many years, and have
even used one to wire up a 100-computer online gaming convention (think
huge LAN-Party) to a T1 in a hotel ballroom. To keep from constantly
calling them "LinkSys Firewall/Routers," I usually refer to them
as Blue Boxes, because they are blue and boxy, and my clients seem to
be able to relate to the term.
Anyway, these days these routers can be purchased with an 802.11b (or
g) wireless access point built-in for just $40 more than a wired-only
version, so even if a client doesn't yet have a need for wireless, I
normally recommend getting it anyway. Then I turn off the wireless
radio part. I also change the password from the stunningly-stupid
default of "admin," and disable "remote configuration" option, meaning
that you must be inside the LAN in order to reconfigure the Blue Box.
Well,
it turns out that disabling the remote configuration option may not
actually disable it. At least some of the time. The unit in question is
the LinkSys WRT54G, and apparently, from outside the LAN (that is, from
the Internet) you can point your browser to the Blue Box's IP address
at either port 80 or 443, and you'll get a password prompt. If the
owner hasn't changed the default password from "admin," then full
access to the Blue Box's configuration is readily available. Yikes!!
With
such access, a hacker could change the password to something the owner
won't know, change the firmware, or learn what wireless devices can use
it (that is, read the MAC address table and WEP encryption key), or
hack into your LAN. There are full descriptions of the problem in some
of the media outlets, and the original warning posted to a mailing list
is also available.
What to do if you own such a Blue Box? First,
change the administration password. Next, check the wireless settings
to verify that no one has added themselves to your LAN. Finally, if you
can, update your Blue Box's firmware. Also, read the articles I just linked to in order to learn other protective measures. If you are a client of mine (or
want to be) contact me (warren at warrenernst dot com) and I'll check out your setup.
