Slashdot Mirror


Hacking the Free "La Fonera" Wireless Router

wertarbyte writes, "FON is still giving away their wireless routers for free in Germany and Austria until Wednesday — under the premise that the devices will be connected and used as FON access points. The router, called 'La Fonera,' is a variant of OpenWRT, but locked down to prevent modification, including a signed firmware image to prevent the upload of new software. It is, however, possible to get shell access by connecting to a serial port present on the circuit board. And now two students from Germany have discovered vulnerabilities in the CGI scripts used to configure the device, and successfully activated an SSH daemon on the device by exploiting them, giving owners a root shell on their router. They also provide a detailed description of the procedure and 'ready-to-use' perl scripts to open up your router."

4 of 67 comments

  1. Fon is a good idea, but sketchy implementation by straponego · · Score: 4, Informative
    I have a previous version of the Fon router, which allows SSH by default. Unfortunately, as another has mentioned, it also allows/requires Fon to have root access to your router by default, so as far as I'm concerned you can't trust the device.

    Also, the only way to access your wired network from the wireless is to allow ALL wireless users to have that access. Well, okay, you could do things like SSH out to a machine on the Internet, SSH back in, and set up port forwarding that way, but nobody would ever do that :). And your own wireless access is treated the same as everybody else's-- you have to log in every time. Annoying in combination with Firefox2's ability to resume sessions-- it loads the Fon login redirection page for every tab you had open.

    They've been promising a firmware fix which would allow two SSIDs with different configurations for a long time, but last I checked it still isn't out.

    The upshot of this is that I thought I would be getting a nifty solution which would let me share my access while covering my own needs. Instead I really have to run two routers, one for me, and one for everybody else. And despite the fact that I live in a pretty densely populated area, in about six months the number of people who have signed on to the Fon router, besides me, is zero. Oh, correction: the buddy who told me about Fon came by and tried to sign in with his account, which he is supposed to be able to do as a "Linus" user. That didn't work either.

    In summary... it's more work and their system is not transparent or secure (oh yeah, there's no encryption on the wifi connections). It's a nifty idea, but I can't really recommend it.

  2. Not regional by fm6 · · Score: 3, Informative

    The poster is incorrect in saying this offer is only available in Germany and Austria. I noticed that the web site he pointed to was de.fon.com. I changed the "de" to an "en" and got the English version of the site — which will ship a router to a U.S. for 5 bucks.

  3. Well at least we can now fix annoying bugs by OlivierB · · Score: 2, Informative

    in the current FONERA firmware, things such as opening up the POP SSL ports (993 and 995).

    FONERA only allows access to ports 80 and 445 to the internet even on the *private SSID*, making it useless for me as the sole router.

    Also, even if the router gives the public and private clients different IP addresses to theoretically prevent the public from browsing on my private LAN, well they are on the same subnet and I can type my private LAN IPs from the public network and get access!
    This thing then NATs my NAT, making it even more difficult for me to sandbox it properly.

    Hopefully, open-wrt will make it more useful as a mini mail server or something like a mini Asterisk server.

    --
    Artificial intelligence is no match for natural stupidity
  4. The bug by quakehead3 · · Score: 2, Informative
    # Now we inject our shell code by using the public ESSID
    # Those guys better should have read "man bash", you cannot quote
    # single quotes by a backslash :-)
    # We now fill in our manipulated ESSID
    # FON prepends every ' with a backslash, which is useless since
    # this kind of escape sequence does not work with single quoted
    # strings.
    # By closing the ESSID string with our injected \' and sending a
    # newline we can now simply append arbitrary shell commands that
    # will be executed on our box during the next update. The
    # comment mark # simply tells the shell to ignore the now
    # useless final '.
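
The quoting flaw described in comment 4, as an added shell example that is not part of the original page, the students' scripts or the FON firmware: it puts the backslash-prefix escaping beside the close-and-reopen idiom (`'\''`) and sources the resulting line to see which one keeps the value inside the string. The `ESSID='...'` config line format, the function names and the harmless `INJECTED` marker are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample ESSID: a quote, a newline, then a harmless marker assignment.
SAMPLE="lobby'
INJECTED=1 #"

# Flawed: prefix every ' with a backslash. Inside '...' a backslash is an
# ordinary character, so the ' still terminates the string.
escape_flawed() {
    printf '%s' "$1" | sed "s/'/\\\\'/g"
}

# Correct: close the string, emit an escaped quote, reopen it ('\'').
escape_safe() {
    printf '%s' "$1" | sed "s/'/'\\\\''/g"
}

# Build the hypothetical config line ESSID='...' with the given escaper and
# source it in a subshell. $1 = escaper function, $2 = raw ESSID.
check() {
    line="ESSID='$("$1" "$2")'"
    (
        INJECTED=0
        eval "$line"    # only ever fed the constructed sample above
        if [ "$INJECTED" = 1 ]; then
            echo injected          # text after the quote ran as a command
        elif [ "$ESSID" = "$2" ]; then
            echo literal           # whole value stayed inside the string
        else
            echo mangled
        fi
    )
}

echo "backslash escaping: $(check escape_flawed "$SAMPLE")"
echo "close-and-reopen:   $(check escape_safe "$SAMPLE")"
```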