BHU's 'Tiger Will Power' Wi-Fi Router May Be The Most Insecure Router Ever Made

An anonymous reader writes from a report via Softpedia: A Wi-Fi router manufactured and sold only in China can easily run for the title of "most insecure router ever made." The BHU router, whose name translates to "Tiger Will Power," has a long list of security problems that include: four authentication bypass flaws (one of which is just hilarious); a built-in backdoor root account that gets created on every boot-up sequence; the fact that it opens the SSH port for external connections after every boot (somebody has to use that root backdoor account right?); a built-in proxy server that re-routes all traffic; an ad injection system that adds adverts to all the sites you visit; and a backup JS file embedded in the router firmware if the ad script fails to load from its server. For techies, there's a long technical write-up, which gets funnier and scarier at the same time as you read through it. "An attacker authenticating on the router can use a hardcoded session ID (SID) value of 700000000000000 to gain admin privileges," reports Softpedia. "If he misspells the SID and drops a zero, that's no problem. The BHU router will accept any value and still grant the user admin rights."

They're just trying to be "user friendly"

[mspohr]

They clearly went to a lot of trouble to make it easy to access this router.
I think we should give them credit for the "most user friendly router".
Really, think of all the times you have had to battle with passwords, IDs, etc. to get access to your router... what a drag.
Anybody can get into this thing.

Re:They're just trying to be "user friendly"

You're joking, but I've actually had marketing demand a website have unlimited user sessions; because if users have to bother entering their password again, they might just shop elsewhere.

Re:They're just trying to be "user friendly"

[Zontar+The+Mindless]

Are you the same shining light who mistranslated the name of the "intelligent" [zhìnéng] router? How appropriate...

Re:They're just trying to be "user friendly"

[Opportunist]

There are six words that can put your mind at ease while at the same time removing such requests 9 out of 10 times from existence:

"Can I have that in writing?"

Re:They're just trying to be "user friendly"

[Opportunist]

Yeah, yeah, everyone should have one, ha ha.

Re:They're just trying to be "user friendly"

[The-Ixian]

At one point, while working on a team which was developing a custom web interface to a telephone system, our manager *insisted* that an HTTP GET method be added called "override". If the user requesting the web page manually added "override=1" to the URL string... all authentication was bypassed, allowing full access to that phone tree. That company and all software is long gone now but the override=1 remains as a fun joke among the ex-team members.

Re:They're just trying to be "user friendly"

[Phusion]

This is why the only good that can come out of marketing people is to grind them into powder and sell them at your local grocery store.

They made it intentionally that way

It's China. Anything goes.

Re:They made it intentionally that way

[swalve]

I have to wonder if the manufacturer is to blame, or if someone hacked them.

Re:They made it intentionally that way

[Opportunist]

Does that matter?

Of course you wouldn't want to buy stuff from a company that makes deliberately insecure products, but would it be any more trustworthy if a router manufacturer "only" got hacked?

"Sold only in China"

Yeah, it's "sold only in China" until we find out some American company imported them by the boatload, slapped their own plastic case around them, and are selling them under another brand. It wouldn't be the first time.

Re:"Sold only in China"

[pete6677]

And they'll sell like crazy at the Best Buy Black Friday for only $5.99 (quantities limited).

Mother of GOD!!!!!!!

This... is probably one of the worst product break-downs I've read in my entire short life as a software dev. Who coded this ****, a monkey?

The fact that it re-writes the root password and opens the SSH port means it's intentional 100%.

Re:Mother of GOD!!!!!!!

Who coded this ****, a monkey?

Come on now, you can say shit, promise. We're all fucking adults in here.

Re:Mother of GOD!!!!!!!

[Coren22]

We're all fucking adults in here.

I imagine that like with any community of people, there are some that are fucking kids instead of adults, and as this is Slashdot, there are many of us that aren't even fucking at all.

Re:Linux

[chipschap]

Let's see, ad injection, changing stuff back to default after you've changed it to something else, etc., etc. .... sounds like Windows 10 is already on there.

Re:Linux

[campuscodi]

Runs BusyBox

Re:Sounds like a good honeypot router

[unixisc]

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

They're safe!

[Voyager529]

Their safety comes from the fact that it's only sold in China, so they've already got a firewall.

Re:They're safe!

[cant_get_a_good_nick]

Jokes aside, hacks from inside the firewall are the new hotness. I think the Australia Census DoS was inside the firewall. Perimeter defense is a fiction. Especially with the Internet of Never Updated Easily Pwn3d things.

Why all the articles

[ruir]

coming from the shitty outleft softpedia here? I think I will stop dropping by...

Re:Why all the articles

[Coren22]

You missed Medium.

Re:Who cares

[Zontar+The+Mindless]

Tyst! När man talar om trollen så står de i farstun!

A little router

[jovius]

A little router
Such wow, closed never was
So much interest

Just like a phone system

[dbIII]

Some PABX stuff is like that - imagine all of the above only with telnet as well.
Point Of Sale stuff sometimes has hardcoded passwords as well.

Try HN...

[mha]

Try Hacker News at https://news.ycombinator.com/ for better submissions - and also for much better discussions. I don't want to advertise it too much though, let the "funny" commenters and over-emotional downvoters who can't say anything technical about the subject(s) being discussed remain on all the other websites... :)

If made by China, we call this "insecure"

[Opportunist]

But if a US company had made it, it would be called "trusted".

Re:A case for friendly greyhats

[Opportunist]

No matter where you did that you'd be fucked.

In China, you'd get jailed for dissident behaviour.
In the US, you'd get fined, to the point where you wish it was jail time because then you could at least get food and shelter, for breaking the DMCA.

Re:Sounds like a good honeypot router

[Opportunist]

Why waste resources? /etc/init.d/iptables stop

Re:A case for friendly greyhats

[Opportunist]

Sorry, but seriously I stopped following and caring about the US copyright system altogether. It's not possible to not break it anymore, so why bother trying?

Yes, but..

[c]

... does it run DD-WRT (or variants)?

That's really all I ever want or expect from an off-the-shelf router. I assume that vendor-provided firmware is crap, untrustworthy, or inflexible.

Re:A case for friendly greyhats

[operagost]

Should probably start paying attention to Congress now, because in 2019 things will start entering the public domain again. I'm sure that starting next year, someone's going to try to push another Mickey Mouse Protection Act through.

Re:A case for friendly greyhats

[Opportunist]

I can't avoid it, I can't fight it, all I can do is simply treat them and their laws with the same attention they treat me: None at all.

Re:This is not 1995. YO FBI SLASHDOT

[Coren22]

Why would US government spies use a pringle can instead of buying a Yagi? Did someone cut their budget?

https://www.google.com/search?...