BHU's 'Tiger Will Power' Wi-Fi Router May Be The Most Insecure Router Ever Made

An anonymous reader writes from a report via Softpedia: A Wi-Fi router manufactured and sold only in China can easily run for the title of "most insecure router ever made." The BHU router, whose name translates to "Tiger Will Power," has a long list of security problems that include: four authentication bypass flaws (one of which is just hilarious); a built-in backdoor root account that gets created on every boot-up sequence; the fact that it opens the SSH port for external connections after every boot (somebody has to use that root backdoor account right?); a built-in proxy server that re-routes all traffic; an ad injection system that adds adverts to all the sites you visit; and a backup JS file embedded in the router firmware if the ad script fails to load from its server. For techies, there's a long technical write-up, which gets funnier and scarier at the same time as you read through it. "An attacker authenticating on the router can use a hardcoded session ID (SID) value of 700000000000000 to gain admin privileges," reports Softpedia. "If he misspells the SID and drops a zero, that's no problem. The BHU router will accept any value and still grant the user admin rights."

They're just trying to be "user friendly"

[mspohr]

They clearly went to a lot of trouble to make it easy to access this router.
I think we should give them credit for the "most user friendly router".
Really, think of all the times you have had to battle with passwords, IDs, etc. to get access to your router... what a drag.
Anybody can get into this thing.

They're safe!

[Voyager529]

Their safety comes from the fact that it's only sold in China, so they've already got a firewall.