Time Warner testing fix to hole in home router | InSecurity Complex - CNET News(情報元のブックマーク数)
Time Warnerが出している、Wi-Fiルータの脆弱性を修正する方向とのこと。
Time Warner has rolled out a temporary patch and is testing a permanent fix for a security hole in a combination cable modem/Wi-Fi router that could allow anyone to access the private network of its customers, snoop on sensitive data, and direct customers to malicious Web sites.
http://news.cnet.com/8301-27080_3-10379477-245.html
The vulnerability in the SMC8014 cable modem/Wi-Fi router provided to customers was detailed in a blog post written by David Chen, a software engineer and co-founder of the Pip.io social communications platform start-up.
JavascriptをDisableですべての管理設定ができてしまうそうですし、WEPだそうで、、、、鍵もSSIDから作られるものだったとのこと・・・orz
Chen wrote that he discovered that the administration features of the router had been disabled via JavaScript and that he was able to access all the features of the router by disabling JavaScript in the browser.
http://news.cnet.com/8301-27080_3-10379477-245.html
In addition, the device relied only on WEP encryption, which can be cracked easily, and it used a fixed format for the SSID (service set identifier), which makes it easy to tell which Wi-Fi network the device is using, he wrote.