i30 Owners Club
June 21, 2024, 21:11:21

Public service announcement - wireless security

Aussie Keith · 2 · 988
« previous next »
Pages: 1   Go Down

0 Members and 1 Guest are viewing this topic.

Offline Aussie Keith

  • V.I.P
  • *
    • Posts: 2,185
    • au Australia
      Fitzgibbon, QLD
    • Keith and Joan's Gallery
October 28, 2013, 04:44:24
A neighbour reported theft of internet bandwidth and asked if I would investigate. The 3G wireless modem used is the ZTE MF62 and it works well but is not very secure. Stupidly it appears to permit access to the admin console via the wireless network (LAN side) without any security requirements. I wasn't even sure this was possible but I was able to do it myself and that's disturbing.

In contrast, most of these devices only permit access via a wired connection (USB) which is more secure. All you need to is type in the default WAN ip address or the generic url. If the owner has not changed their admin password then its easy to access the admin console via the default password. Worse, once in the wireless security password is visible in plain text. A simple cut and paste and away you go, connected to someone else's network. And then a miscreant has access on the LAN side to any devices active on the network as well as stealing your bandwidth - unless steps have been taken to lock down your LAN side network.

So, if you have one of these devices or even a device like this, here is what you should do.

First and foremost, change the admin password. That will prevent anyone accessing the console and seeing your wireless password.
Next, change your default wireless password to something "strong". Use upper and lower case, numbers and special characters.
Finally, you can lock the device to client mac addresses which means that only the machines specified can access the router. The mac (media access control) address is a unique number assigned to a network interface, essentially a digital fingerprint. By changing the firewall rule to drop packets that don't match specified mac addresses access is prevented even if WAN access via the wireless password is granted. I did not test what occurs on the LAN side, but it appears to be about as secure as you can get with these gadgets since they are not especially robust security wise.

Finally these devices are very simple and don't log so forensics from the device is impossible if you get hacked.   

http://www.wikihow.com/Find-the-MAC-Address-of-Your-Computer
« Last Edit: October 28, 2013, 06:48:22 by Aussie Keith »
  • i30 CRDi Elite auto (sleek silver)

Offline Dazzler

  • Admin
  • *
  • Laughter is the best medicine...
    • Posts: 67,423
    • au Australia
      Devonport Tasmania
  • Best Car Forum on the Net
Reply #1: October 31, 2013, 23:02:02
Hi Keith thanks for this .. I use a Telstra Elite dongle when we travel and it keeps defaulting to unsecured  :rolleyes: even though it lists as having WAN security enabled when I pull up a list of my devices. I will have to have a play with the settings you suggested.

Fortunately I don't tend to use it in public places very often and try to monitor the number of devices connected..

As I've said before, you are a handy guy to have around  :hatoff:
  • 2021 MG PHEV ( had 4 x i30 plus a Getz an Elantra and a Tucson)

Pages: 1   Go Up
Unread Posts

June 21, 2024, 21:11:21
 

SimplePortal 2.3.5 © 2008-2012, SimplePortal