Abandoned Routers: Forgotten, But Not Gone

by musashi42

Disclaimer:  All of the below is for educational purposes only and is meant to serve as a way to raise awareness when it comes to securing your shit.

There's this rule when it comes to connecting to open Wi-Fi access points that some people follow and some don't.

Some take risks and act accordingly (like myself).  Wherever you are, if there are people there along with technology, you'll probably notice an interesting list of Wi-Fi access points (APs).  The most talked about, or at least it was for some period of time, was the "FBI Van some number".

There are, of course, the ones named "guest", or some company name with a guest extension, and so on.  Clearly, some of those, especially something with a name akin to "Gh0st1" and similar, are probably better left alone, regardless of the fact that they are open, unless you are in the mood to risk it.

Sometimes you can end up finding something interesting.

In my case, I found myself in a place and situation where I had nothing better to do, so I turned on the Wi-Fi and started the Wi-Fi manager app to see if there were any of the familiar APs around.

The only name that I found aside from the usual ones (ATT, xfinity, etc.) was CiscoXXXX where "XXXX" consisted of numbers from 0 to 9.  It was open, so I figured let's connect and see what happens.

Once the connection was established and an IP address assigned, I tried to access a random website.  I was greeted with the usual browser output notifying me that there was no connection or that I should check my connection and similar.  I wasn't that disappointed, but I did find it odd because I was used to being greeted either with a login screen of some kind (sometimes with payment options and similar), or a screen with a bunch of disclaimers/other text and a button which, when clicked, would lead to the page notifying me that I could enjoy the Internet.  I checked what my IP address was and planned on trying to access the router.  It was at the usual 192.168.1.1 location.

What I was greeted with was a login screen for the router.  The username/password which I tried was the default one (admin/admin) and it worked.

Here's what I found to be the shocking part about this whole thing.  It wasn't about me accessing a random router.  It was what I noticed regarding its setup: it was all factory settings with a bunch of empty fields.  I checked the firmware version and after I got home, I did some Google searches and discovered that the firmware version that this router had was from 2012!  I then remembered that I'd seen that Wi-Fi AP years ago, but I didn't bother connecting to it.

At first glance, it might be easy to dismiss the potential seriousness of this information, but it got me thinking: how many routers are out there which have been apparently forgotten, but not turned off and, on top of it all, they are open to being configured from scratch by anyone?

The point is, with the Internet of Things on the rise and people's stupidity/gullibility being ever so much higher (especially when it comes to free shit), it's important to keep your eyes open for this type of thing.

Now, granted, I may be paranoid but, having lowered my level of paranoia once before and dealing with the shitstorm that hit me, well, let's just say I'm still trying to get rid of the stench it left behind.
