Tuesday, March 22, 2005
Wow. ANOTHER insecure consumer networking device
According to someone named Donnie Werner of exploitlabs.com, one model of DSL modem from Samsung has some embarrassing security problems.
I don't have one to test, so I can't vouch for any of this. Like most things these days, the modem is actually a small computer. By its nature it has to be directly connected to the net, so firewalls can't help it. So how secure is it? According to Werner, the unit's master password is "root" and it accepts logins from the outside network. In other words anybody with net access can take complete control over it.
I don't know whether any bad guys will try to take advantage of this. There are so many insecure Windows machines to take over that bad guys might not bother taking over modems. If they do, the most likely uses wouuld be to store illegal files and to hide the source of Internet connections. Attacking the rest of your computers is less likely, though it would be easy for a bad guy to install a program to spy on your Internet traffic and steal passwords.
I can't think of a way for normal people to protect themselves against problems like this. In a normal market you're fairly safe buying from established suppliers, but some of the biggest names have had back doors built into their products. Over time, maybe loud protests will discourage vendors from putting their customers at risk like this.
|
I don't have one to test, so I can't vouch for any of this. Like most things these days, the modem is actually a small computer. By its nature it has to be directly connected to the net, so firewalls can't help it. So how secure is it? According to Werner, the unit's master password is "root" and it accepts logins from the outside network. In other words anybody with net access can take complete control over it.
I don't know whether any bad guys will try to take advantage of this. There are so many insecure Windows machines to take over that bad guys might not bother taking over modems. If they do, the most likely uses wouuld be to store illegal files and to hide the source of Internet connections. Attacking the rest of your computers is less likely, though it would be easy for a bad guy to install a program to spy on your Internet traffic and steal passwords.
I can't think of a way for normal people to protect themselves against problems like this. In a normal market you're fairly safe buying from established suppliers, but some of the biggest names have had back doors built into their products. Over time, maybe loud protests will discourage vendors from putting their customers at risk like this.
# posted by Frederick @ 8:06 PM Email to a friend:
Haloscan: they provide trackback