Unless you have a security-minded techie in your home, chances are that little attention is paid to your ADSL or broadband router security.
Despite being the gatekeepers to our home networks, ADSL routers are low-cost devices that typically don’t see much security investment.
The average user also does not maintain or update the device during its lifespan, lacking either the time or the knowledge to do so.
Vulnerabilities that can catch even the tech-savvy
Even if you are a security-savvy user, your home router might have vulnerabilities that you are not aware of.
For example, you might assume that your ADSL router’s administration interface will not be available on the web without enabling that functionality.
However, an old security flaw that still affects many ADSL subscribers in South Africa (17,519 according to SHODAN) is a support backdoor with a fixed password, built into a popular DSL router that many ISPs sold.
Routers without this vulnerability can be exposed through other flaws, such as a cross-site request forgery, as demonstrated in the video below.
Finding targets with SHODAN
Finding an ADSL router to hack in South Africa is also made easy with SHODAN, which bills itself as the search engine for the Internet of Things.
An example of how someone can find potentially-vulnerable ADSL routers online is shown below.
It should be noted that accessing someone’s device without their permission is illegal in South Africa.
The screenshots were taken from devices we have permission to access.
Logging in by guessing the password
Armed with a list of IP addresses where the web interfaces of ADSL routers are exposed, you can log in by trying the default passwords for that brand of router.
The screenshot below shows a router that has a support account enabled by default and which exposes its web interface to the Internet by default.
The support account’s password is also available online using known search terms.
ADSL usernames and passwords in plain text
If you’ve been able to log into a router, finding someone’s username and password is trivial.
Some routers even display the password in plain text, as shown below.
“Hacking” the password field
For the routers that hide passwords by showing them as dots, there is usually an easy way to reveal them.
This is because routers can’t hash passwords before storing them, as they must be able to send them to your ISP when you log in.
The example below shows how you can change the input field type from “password” to anything else – “1” in this case – revealing the password for all to see.
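The dots are only a browser display setting: the stored password is already in the page's HTML as the field's value attribute. The following check is an added example, not code from this article. It scans a saved copy of your own router's settings page for password fields that arrive pre-filled; the sample page and its field names are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample of a router's WAN settings page (not from a real device).
SAMPLE_PAGE = """
<form action="/wan.cgi" method="post">
  <input type="text" name="pppUser" value="user@example-isp">
  <input type="password" name="pppPass" value="s3cret-constructed">
  <input type="password" name="adminNewPass" value="">
  <input type="PASSWORD" name="wifiKey" value="********">
  <input type="submit" value="Save">
</form>
"""


class PrefilledSecretFinder(HTMLParser):
    """Collect password inputs whose value attribute carries real data."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").lower() != "password":
            return
        value = a.get("value", "")
        # Empty values and pure mask characters are placeholders, not secrets.
        if value and set(value) - set("*\u2022"):
            # Record the field name and length only; never echo the secret.
            self.findings.append((a.get("name", "?"), len(value)))


def find_prefilled_secrets(html):
    """Return (field name, secret length) for each pre-filled password input."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for name, length in find_prefilled_secrets(SAMPLE_PAGE):
        print(f"{name}: {length}-character secret present in page source")
```

A field that is reported here is readable by anyone who can load the page, whatever the input type says; firmware that sends an empty or fixed mask value instead is not flagged.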