Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×

Hacking the Free "La Fonera" Wireless Router 67

Posted by kdawson from the wisdom-of-crowds dept.
wertarbyte writes, "FON is still giving away their wireless routers for free in Germany and Austria until Wednesday — under the premise that the devices will be connected and used as FON access points. The router, called 'La Fonera,' is a variant of OpenWRT, but locked down to prevent modification, including a signed firmware image to prevent the upload of new software. It is, however, possible to get shell access by connecting to a serial port present on the circuit board. And now two students from Germany have discovered vulnerabilities in the CGI scripts used to configure the device, and successfully activated an SSH daemon on the device by exploiting them, giving owners a root shell on their router. They also provide a detailed description of the procedure and 'ready-to-use' perl scripts to open up your router."
This discussion has been archived. No new comments can be posted.

Hacking the Free "La Fonera" Wireless Router More

Hacking the Free "La Fonera" Wireless Router

Comments Filter:

  • Assorted thoughts on the Fonera (Score:4, Interesting)

    by Life700MB ( 930032 ) on Sunday November 05, 2006 @04:57PM (#16728071)

    First at all, it isn't called "La Fonera". "La" in Spanish is just the "The" article, making it the Fonera, a Fonera, or how you want to call it.

    It is free too here in Spain, but obtaining it's a really strange scheme that looks a lot like a scam to get private info from people. For example, it was offered for free for the readers of a well known digg-like web and they recommended to use the same user and password to request it as the people had in the web page?! WTF!? And a month later they bought part of the page!!!!

    Extremely strange.

    And what to say of the Fonera using hidden DNS servers property of the FON makers or scripts allowing free access for them with root privileges to your private network?

    --
    Superb hosting [tinyurl.com] 200GB Storage, 2_TB_ bandwidth, php, mysql, ssh, $7.95

  • I got one of the older ones (Score:3, Interesting)

    by vadim_t ( 324782 ) on Sunday November 05, 2006 @06:06PM (#16728551) Homepage
    Got an early version at a HispaLinux convention. It cost me some cash, but it was still cheaper than I could get it otherwise, so I bought it. Coincidentally, there was a WiFi security talk at the convention, and I used the chance to ask them what they thought about the whole FON thing. They were extremely unimpressed and thought it couldn't be made secure.

    Based on a cursory examination, I determined the system was insecure. Suppose I enable the router, and somebody comes near and tries to connect. To connect, they try to connect to my wireless network, and the AP authenticates them against the FON RADIUS server.

    Now, the problem is that I'm in control of the router, so I can easily fetch their username and password. SSL wouldn't help because at best you have User AP RADIUS, as my understanding is that the AP isn't acting as a router here. The user isn't talking to the RADIUS server directly, the AP does on his/her behalf. So there's no way of stopping me from sniffing people's passwords.

    After I get passwords I can easily find some other FON AP, use somebody else's credentials, and have reasonable chances that the person getting in trouble for downloading/uploading something illegal won't be me.

    I voiced my concerns on the forum, but the replies weren't satisfying, so now I reflashed it with new firmware and there's no FON-related stuff left on it.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close