Insecure by default

by Volker Weber


Recently I discovered through the use of Boingo* that there is a second WLAN in my neighborhood. As you can see from the picture above it is unprotected. I connected and received the IP adress Well, that made me curious and I http'ed to and there was a login screen for a Telekom Sinus 130DSL wireless access router. I asked Google for the default password and that turned out to be "0000". I was in.

So this router has WLAN enabled by default, it has set its SSID to WLAN and accepts "ANY" as a second SSID. No WEP encrpytion. I wonder what the owner would do if I changed the password from "0000" to, say "6666"? Does it have a master reset?

*) Boingo is free to download. If you use a Stinkpad, I highly recommend IBM Access Connections, which also includes this WLAN discovery. See vowe's choice. The software is free to download and use, but only runs on IBM gear.


Even more curious is that this Router serves arbitrary DHCP requests by default.
My Digitus WLAN router does not. In order to use it, you have to login to an admin console at least once and enable the DHCP server either for defined MACs or with WEP.

Inviting thousands of people to exploit unprotected WLAN DSL ports may become a realistic thread if pirate ISP's start to engage in this business. Thanks to vowe I found another low-investment business model today ;-)
Well, those who can afford ThinkPads normally also afford personal access points for convenience, n'est ce pas ?

My university took a different approach for its on-campus (sadly not yet campus wide) WLAN:
The authentication works via an HTTPS encrypted web form where you have to enter your (e-mail) user name and password. On the plus side that really a cross plattform solution without the pain of running an up-to-date register of MAC addresses but of course you are stuck with an otherwise unencrypted WLAN connection. In the initial setup they used VPN for the authentication but back than OS X had no built in support for that (and of the two third party clients I knew/found, one didn't work and the other one was way too expensive after its free beta phase was over) and so I'm not really complaining... :-)

Chris, 2003-09-27

Sure, Volki. As you can see there is another signal available.

Volker Weber, 2003-09-27

Old archive pages

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.


Paypal vowe