Domain: datenbruch.de
Stories and comments across the archive that link to datenbruch.de.
Comments · 11
-
I predicted this a few years ago
While playing around with the fonera routers I already predicted issues like this: http://stefans.datenbruch.de/lafonera/whywedidit.shtml Consumer routers without decent firmware support are a even greater risk than unpatched windows systems; while access to the latter will probably be noticed, the profile of a hijacked routers stays low to its owner.
-
Re:Anyone know the details of the MIT agreement?
Part of the problem is that the company (Meraki) pushed firmware upgrades to all the units, including older boxes purchased before their revised licensing model. The new firmware locks down the units, making it impossible to hack them and impossible to load custom firmware and bypass the new locks.
I strongly oppose network equipment that updates itself without giving me the choice of averting that. It's the equivalent of closed source software, only in hardware. Business plans change, and you never know what your former trusted partner is up to in the future. There's also the danger of someone hijacking the update system; This would have been possible with earlier version of the FON(era) upgrade procedure (as pointed out on my website): Imagine having a botnet consisting of all FON/Meraki units ever installed anywhere on this planet. Users (at least the ones FON units are marketed to) won't probably notice, since there windows PC isn't getting slower and no antivirus software will ever detect the compromised router in their network. That's why I cannot trust systems in my network I do not have root access to, especially those that take a central part in it like a router.
-
Re:Vendor lockin is a myth
Fon has also tried to lock out hackers from their hardware - although the moment they sell it, it's not their hardware anymore. There are still some hacks that work and give you SSH access, check my website about it. Although my latest hack ("kolofonium") does not work with the latest firmware, there are still many systems using it: http://stefans.datenbruch.de/lafonera/kolofonium-chart.png So you can guess how many of the sold FON spots may still be active; FON managed to alienate many advanced users that wished to participate but were locked out of their routers.
-
Re:Vendor lockin is a myth
Fon has also tried to lock out hackers from their hardware - although the moment they sell it, it's not their hardware anymore. There are still some hacks that work and give you SSH access, check my website about it. Although my latest hack ("kolofonium") does not work with the latest firmware, there are still many systems using it: http://stefans.datenbruch.de/lafonera/kolofonium-chart.png So you can guess how many of the sold FON spots may still be active; FON managed to alienate many advanced users that wished to participate but were locked out of their routers.
-
Getting beyond the stock firmware
There are routers that do not allow flashing a custom firmware: However, most devices do have bugs in the webinterface that allows the owner to execute arbitrary shell code to circumvent this protection. Often, there a different approaches: The routers given away by FON (La Fonera) did have some web interface vulnerabilities, however FON fixed this in the latest firmware (0.7.1-2). They did not pay attention to their chillispot system: There is an attack vector that involves spoofing the FON radius server, in the tradition of the earlier hacks Grammofon and Fondue, this new hack (which works on all FON firmware versions) is called Kolofonium. It enables SSH access to the devices and by that allows further customization.
-
Getting beyond the stock firmware
There are routers that do not allow flashing a custom firmware: However, most devices do have bugs in the webinterface that allows the owner to execute arbitrary shell code to circumvent this protection. Often, there a different approaches: The routers given away by FON (La Fonera) did have some web interface vulnerabilities, however FON fixed this in the latest firmware (0.7.1-2). They did not pay attention to their chillispot system: There is an attack vector that involves spoofing the FON radius server, in the tradition of the earlier hacks Grammofon and Fondue, this new hack (which works on all FON firmware versions) is called Kolofonium. It enables SSH access to the devices and by that allows further customization.
-
Getting beyond the stock firmware
There are routers that do not allow flashing a custom firmware: However, most devices do have bugs in the webinterface that allows the owner to execute arbitrary shell code to circumvent this protection. Often, there a different approaches: The routers given away by FON (La Fonera) did have some web interface vulnerabilities, however FON fixed this in the latest firmware (0.7.1-2). They did not pay attention to their chillispot system: There is an attack vector that involves spoofing the FON radius server, in the tradition of the earlier hacks Grammofon and Fondue, this new hack (which works on all FON firmware versions) is called Kolofonium. It enables SSH access to the devices and by that allows further customization.
-
Shell code in linux based devices
-
Re:Missile Command!
So now that they are using lasers, the old missile shield is outdated?
-
Nokia 770 anyone?
This Pepper pad looks nice, just like a bigger version of the Nokia 770, which runs Linux as well. Having an open plattform is a nice way to attract developers and establish a nice collection of applications. I hope we see more of those linux gadgets in the future.
-
Like my iPaq, but cooler and more expensive :-)
If this photo is correct (looks a little bit strange), the device runs GPE, a pretty nice handheld interface used by several linux handheld derivates and based on GTK+. Since GPE uses a real XServer, porting applications is quite easy (you can even run them remote), as opposed to OPIE, which uses the framebuffer directly. Nokia's maemo platform has many similarities to GPE, I hope that both projects profit from each other.