BHU's 'Tiger Will Power' Wi-Fi Router May Be The Most Insecure Router Ever Made (softpedia.com)

← Back to Stories (view on slashdot.org)

BHU's 'Tiger Will Power' Wi-Fi Router May Be The Most Insecure Router Ever Made (softpedia.com)

Posted by BeauHD on Monday August 22, 2016 @12:05PM from the depressingly-insecure dept.

An anonymous reader writes from a report via Softpedia: A Wi-Fi router manufactured and sold only in China can easily run for the title of "most insecure router ever made." The BHU router, whose name translates to "Tiger Will Power," has a long list of security problems that include: four authentication bypass flaws (one of which is just hilarious); a built-in backdoor root account that gets created on every boot-up sequence; the fact that it opens the SSH port for external connections after every boot (somebody has to use that root backdoor account right?); a built-in proxy server that re-routes all traffic; an ad injection system that adds adverts to all the sites you visit; and a backup JS file embedded in the router firmware if the ad script fails to load from its server. For techies, there's a long technical write-up, which gets funnier and scarier at the same time as you read through it. "An attacker authenticating on the router can use a hardcoded session ID (SID) value of 700000000000000 to gain admin privileges," reports Softpedia. "If he misspells the SID and drops a zero, that's no problem. The BHU router will accept any value and still grant the user admin rights."

62 comments

Min score:

Reason:

Sort:

Sounds like a good honeypot router by Anonymous Coward · 2016-08-22 12:15 · Score: 0

nt
1. Re:Sounds like a good honeypot router by unixisc · 2016-08-22 13:43 · Score: 1
  
  iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT
2. Re:Sounds like a good honeypot router by Opportunist · 2016-08-22 20:33 · Score: 1
  
  Why waste resources? /etc/init.d/iptables stop
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
3. Re: Sounds like a good honeypot router by Anonymous Coward · 2016-08-23 05:36 · Score: 0
  
  What if you are using systemd ;) ^duckz*
They're just trying to be "user friendly" by mspohr · 2016-08-22 12:17 · Score: 5, Funny

They clearly went to a lot of trouble to make it easy to access this router.
I think we should give them credit for the "most user friendly router".
Really, think of all the times you have had to battle with passwords, IDs, etc. to get access to your router... what a drag.
Anybody can get into this thing.

--
I don't read your sig. Why are you reading mine?
1. Re:They're just trying to be "user friendly" by Anonymous Coward · 2016-08-22 13:03 · Score: 0
  
  Racist much? I'm sure life with you is so, oh, so much better than life in Zimbabwe!
2. Re:They're just trying to be "user friendly" by Anonymous Coward · 2016-08-22 16:10 · Score: 1
  
  You're joking, but I've actually had marketing demand a website have unlimited user sessions; because if users have to bother entering their password again, they might just shop elsewhere.
3. Re:They're just trying to be "user friendly" by Zontar+The+Mindless · 2016-08-22 16:33 · Score: 1
  
  Are you the same shining light who mistranslated the name of the "intelligent" [zhìnéng] router? How appropriate...
  
  --
  Il n'y a pas de Planet B.
4. Re:They're just trying to be "user friendly" by Opportunist · 2016-08-22 20:32 · Score: 2
  
  There are six words that can put your mind at ease while at the same time removing such requests 9 out of 10 times from existence:
  "Can I have that in writing?"
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
5. Re:They're just trying to be "user friendly" by Opportunist · 2016-08-22 23:58 · Score: 1
  
  Yeah, yeah, everyone should have one, ha ha.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
6. Re:They're just trying to be "user friendly" by The-Ixian · 2016-08-23 04:17 · Score: 1
  
  At one point, while working on a team which was developing a custom web interface to a telephone system, our manager *insisted* that an HTTP GET method be added called "override". If the user requesting the web page manually added "override=1" to the URL string... all authentication was bypassed, allowing full access to that phone tree. That company and all software is long gone now but the override=1 remains as a fun joke among the ex-team members.
  
  --
  My eyes reflect the stars and a smile lights up my face.
7. Re:They're just trying to be "user friendly" by Phusion · 2016-08-23 04:57 · Score: 1
  
  This is why the only good that can come out of marketing people is to grind them into powder and sell them at your local grocery store.
  
  --
  640k ought to be enough for anyone.
They made it intentionally that way by Anonymous Coward · 2016-08-22 12:20 · Score: 1

It's China. Anything goes.
1. Re:They made it intentionally that way by swalve · 2016-08-22 14:09 · Score: 1
  
  I have to wonder if the manufacturer is to blame, or if someone hacked them.
2. Re:They made it intentionally that way by Opportunist · 2016-08-22 20:29 · Score: 1
  
  Does that matter?
  Of course you wouldn't want to buy stuff from a company that makes deliberately insecure products, but would it be any more trustworthy if a router manufacturer "only" got hacked?
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re:Linux by Anonymous Coward · 2016-08-22 12:22 · Score: 0

How about vxworks or qnx? The vxworks variants of the wrt54g were the best.. /sarcasm
"Sold only in China" by Anonymous Coward · 2016-08-22 12:22 · Score: 2

Yeah, it's "sold only in China" until we find out some American company imported them by the boatload, slapped their own plastic case around them, and are selling them under another brand. It wouldn't be the first time.
1. Re:"Sold only in China" by pete6677 · 2016-08-22 13:46 · Score: 2
  
  And they'll sell like crazy at the Best Buy Black Friday for only $5.99 (quantities limited).
2. Re:"Sold only in China" by Anonymous Coward · 2016-08-23 04:22 · Score: 0
  
  All they need is a new firmware package.
Mother of GOD!!!!!!! by Anonymous Coward · 2016-08-22 12:23 · Score: 1

This... is probably one of the worst product break-downs I've read in my entire short life as a software dev. Who coded this ****, a monkey?
The fact that it re-writes the root password and opens the SSH port means it's intentional 100%.
1. Re:Mother of GOD!!!!!!! by Anonymous Coward · 2016-08-22 12:33 · Score: 0
  
  The fact that it re-writes the root password and opens the SSH port means it's intentional 100%.
  There's a VPS provider out there (let's say their name rhymes with "Loud at Cost") whose linux images were set up this way for awhile. Everytime you rebooted an instance, it would reset the root password. I couldn't fucking believe it.
2. Re:Mother of GOD!!!!!!! by Anonymous Coward · 2016-08-22 12:53 · Score: 1
  
  Who coded this ****, a monkey?
  Come on now, you can say shit, promise. We're all fucking adults in here.
3. Re:Mother of GOD!!!!!!! by Anonymous Coward · 2016-08-22 16:40 · Score: 0
  
  Come on now, you can say ****, promise.
  Um um um! I'm telling mom!
4. Re:Mother of GOD!!!!!!! by Anonymous Coward · 2016-08-23 01:01 · Score: 0
  
  We're all fucking adults in here.
  No guarantees about gender or species though.
5. Re:Mother of GOD!!!!!!! by Anonymous Coward · 2016-08-23 01:46 · Score: 0
  
  Oh and minus a few asshats n astroturfers n shills, you're among friends
6. Re:Mother of GOD!!!!!!! by Coren22 · 2016-08-24 05:55 · Score: 1
  
  We're all fucking adults in here.
  I imagine that like with any community of people, there are some that are fucking kids instead of adults, and as this is Slashdot, there are many of us that aren't even fucking at all.
  
  --
  APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Follow the money by Anonymous Coward · 2016-08-22 12:27 · Score: 0

Probably backed by someone neophyte wanting to create a discount botnet. Not a very smart outfit mind you. But ypu can blame them for trying
Unhackable quantum satelite by Anonymous Coward · 2016-08-22 12:29 · Score: 0

Maybe they are not worried anymore about foreign hacks due to these unhackable satellites. So now only the government can access their router, and of course those inside the country... a thought.
Re:Linux by chipschap · 2016-08-22 13:06 · Score: 4, Funny

Let's see, ad injection, changing stuff back to default after you've changed it to something else, etc., etc. .... sounds like Windows 10 is already on there.
Re:Linux by campuscodi · 2016-08-22 13:22 · Score: 1

Runs BusyBox
Re:Linux by Anonymous Coward · 2016-08-22 13:24 · Score: 0

No, they decompiled Windows and copied some of its code.
A case for friendly greyhats by Anonymous Coward · 2016-08-22 13:47 · Score: 0

This is just begging for someone to write patches for those vulnerabilities, and push them to the routers using said vulnerabilities.
1. Re:A case for friendly greyhats by Anonymous Coward · 2016-08-22 13:55 · Score: 0
  
  This is just begging for someone to write patches for those vulnerabilities, and push them to the routers using said vulnerabilities.
  But then comrade, you would be opposing the the will of the Party......
2. Re:A case for friendly greyhats by Opportunist · 2016-08-22 20:25 · Score: 2
  
  No matter where you did that you'd be fucked.
  In China, you'd get jailed for dissident behaviour.
  In the US, you'd get fined, to the point where you wish it was jail time because then you could at least get food and shelter, for breaking the DMCA.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
3. Re:A case for friendly greyhats by Anonymous Coward · 2016-08-22 21:14 · Score: 0
  
  To be fair, you wouldn't be breaking the DMCA (plenty of other laws, though). There's no copy protection mechanism involved, so the DMCA doesn't apply.
4. Re:A case for friendly greyhats by Opportunist · 2016-08-22 21:18 · Score: 1
  
  Sorry, but seriously I stopped following and caring about the US copyright system altogether. It's not possible to not break it anymore, so why bother trying?
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
5. Re:A case for friendly greyhats by operagost · 2016-08-23 03:47 · Score: 1
  
  Should probably start paying attention to Congress now, because in 2019 things will start entering the public domain again. I'm sure that starting next year, someone's going to try to push another Mickey Mouse Protection Act through.
  
  --
  
  Gamingmuseum.com: Give your 3D accelerator a rest.
6. Re:A case for friendly greyhats by Opportunist · 2016-08-23 21:20 · Score: 1
  
  I can't avoid it, I can't fight it, all I can do is simply treat them and their laws with the same attention they treat me: None at all.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
They're safe! by Voyager529 · 2016-08-22 14:19 · Score: 5, Funny

Their safety comes from the fact that it's only sold in China, so they've already got a firewall.
1. Re:They're safe! by cant_get_a_good_nick · 2016-08-23 06:56 · Score: 1
  
  Jokes aside, hacks from inside the firewall are the new hotness. I think the Australia Census DoS was inside the firewall. Perimeter defense is a fiction. Especially with the Internet of Never Updated Easily Pwn3d things.
FEATURES! by Anonymous Coward · 2016-08-22 14:45 · Score: 0

Not bugs. It is all by design [barring an occasional authentic bug]
Why all the articles by ruir · 2016-08-22 15:49 · Score: 1

coming from the shitty outleft softpedia here? I think I will stop dropping by...
1. Re:Why all the articles by Anonymous Coward · 2016-08-23 05:35 · Score: 0
  
  So much hate on this site.
  I don't like Vice
  I don't like Betanews
  I don't like ZDNet
  I don't like Softpedia
  I don't like CSO Online
  I don't like The Verge
  I don't like Wired
  I don't like VentureBeat
  Give it a fucking rest... if a site reports on it and someone submits it... it reaches the frontpage. If you want something else, submit it yourself.
2. Re:Why all the articles by Coren22 · 2016-08-24 05:59 · Score: 1
  
  You missed Medium.
  
  --
  APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Re:Who cares by Zontar+The+Mindless · 2016-08-22 16:39 · Score: 1

Tyst! När man talar om trollen så står de i farstun!

--
Il n'y a pas de Planet B.
A little router by jovius · 2016-08-22 17:58 · Score: 1

A little router
Such wow, closed never was
So much interest
Just like a phone system by dbIII · 2016-08-22 18:32 · Score: 1

Some PABX stuff is like that - imagine all of the above only with telnet as well.
Point Of Sale stuff sometimes has hardcoded passwords as well.
Try HN... by mha · 2016-08-22 19:26 · Score: 1

Try Hacker News at https://news.ycombinator.com/ for better submissions - and also for much better discussions. I don't want to advertise it too much though, let the "funny" commenters and over-emotional downvoters who can't say anything technical about the subject(s) being discussed remain on all the other websites... :)
1. Re:Try HN... by Anonymous Coward · 2016-08-23 00:27 · Score: 0
  
  Huh?
  I understand why the old hags at slashdot don't usually vote anonymous posters, but I don't understand why after having gained dozens of point on HN a single controversial comment is enough to reset it to -1.
If made by China, we call this "insecure" by Opportunist · 2016-08-22 20:23 · Score: 1

But if a US company had made it, it would be called "trusted".

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
THERE WAS A WARNING LABEL by Anonymous Coward · 2016-08-22 23:58 · Score: 0

Sweartogod, it came in the box! I was wondering why a fortune cookie was in there! It turns out that the fortune is part of the package! I remember, I cracked it open, but the fortune was printed in Chinese! I handed it my Chinese co-worker, and he laughed and said, Congratulations, you have just installed the most insecure network in the mainland!
We first thought it meant mainland China, the way they referred to it in their papers, y'know, but now that THIS story is out...now, that I think about it, mainland USA isn't farfetched...
Yes, but.. by c · 2016-08-23 00:52 · Score: 1

... does it run DD-WRT (or variants)?
That's really all I ever want or expect from an off-the-shelf router. I assume that vendor-provided firmware is crap, untrustworthy, or inflexible.

--
Log in or piss off.
Lacking details on WLAN authentication by Anonymous Coward · 2016-08-23 05:13 · Score: 0

Does it also generate easily guessable passwords based on its MAC address and also include a free-for-all non-throttling WPS system that cannot be turned off, or worse, pretends that it has been disabled? If the answer is no, then it's not the most hackable router, at least not from a WLAN standpoint.
Re:Linux by Anonymous Coward · 2016-08-23 06:46 · Score: 0

It is almost like no one knows what Group Policy Editor is.
This is not 1995. YO FBI SLASHDOT by Anonymous Coward · 2016-08-23 07:30 · Score: 0

Nobody will be cruising your house with a Pringles can unless they are in fact US government spies.
If they have to use nearby spy gear to hack into your router, you are doing it right. If you are doing it right you will not buy some piece of shit bhus "tiger will power" router anyway.
This story is just some "what do we do today FBI" story about bullshit.
Here is an idea! by Anonymous Coward · 2016-08-23 15:35 · Score: 0

Sell them to Iraq.
Re:This is not 1995. YO FBI SLASHDOT by Coren22 · 2016-08-24 06:02 · Score: 1

Why would US government spies use a pringle can instead of buying a Yagi? Did someone cut their budget?
https://www.google.com/search?...

--
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?