BHU's 'Tiger Will Power' Wi-Fi Router May Be The Most Insecure Router Ever Made (softpedia.com)
An anonymous reader writes from a report via Softpedia: A Wi-Fi router manufactured and sold only in China can easily run for the title of "most insecure router ever made." The BHU router, whose name translates to "Tiger Will Power," has a long list of security problems that include: four authentication bypass flaws (one of which is just hilarious); a built-in backdoor root account that gets created on every boot-up sequence; the fact that it opens the SSH port for external connections after every boot (somebody has to use that root backdoor account, right?); a built-in proxy server that re-routes all traffic; an ad injection system that adds adverts to all the sites you visit; and a backup JS file embedded in the router firmware if the ad script fails to load from its server. For techies, there's a long technical write-up, which gets funnier and scarier at the same time as you read through it. "An attacker authenticating on the router can use a hardcoded session ID (SID) value of 700000000000000 to gain admin privileges," reports Softpedia. "If he misspells the SID and drops a zero, that's no problem. The BHU router will accept any value and still grant the user admin rights."
They clearly went to a lot of trouble to make it easy to access this router.
I think we should give them credit for the "most user friendly router".
Really, think of all the times you have had to battle with passwords, IDs, etc. to get access to your router... what a drag.
Anybody can get into this thing.
I don't read your sig. Why are you reading mine?
Yeah, it's "sold only in China" until we find out some American company imported them by the boatload, slapped their own plastic case around them, and are selling them under another brand. It wouldn't be the first time.
Let's see, ad injection, changing stuff back to default after you've changed it to something else, etc., etc. .... sounds like Windows 10 is already on there.
Their safety comes from the fact that it's only sold in China, so they've already got a firewall.
No matter where you did that you'd be fucked.
In China, you'd get jailed for dissident behaviour.
In the US, you'd get fined, to the point where you wish it was jail time because then you could at least get food and shelter, for breaking the DMCA.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.