Laughable IoT security

I had several of those routers. They were $5 new-in-box at a local wholesaler, so I figured I'd pick a couple up for DD-WRT fileservers since they were cheaper than RPIs.

Amusingly the ftpd issue wasn't the worst issue. I'll just quote one of the pages about DDWRT compatibility on them:

If you did not reflash the device with any other firmware, you can get shell by going to 192.168.1.254/obama.asp. You can fire up telnetd with telnetd -l /bin/sh and get instant root access.

It was literally just an HTML form that executed commands as root via HTTP GET requests.
 
Years ago there were some routers that could act as a NAS if USB HDDs were plugged into them. Pretty decent idea at the time; making the NAS an open internet-facing FTP server by default wasn't as great. For the oblivious owners, very fun for other people though.

I use Syncthing for that purpose; it's shared between my computers only.

It's like Dropbox without the use of 'The Cloud'.*



*other people's hard drives.
 
Years ago there were some routers that could act as a NAS if USB HDDs were plugged into them. Pretty decent idea at the time; making the NAS an open internet-facing FTP server by default wasn't as great. For the oblivious owners, very fun for other people though.
Most routers today still do that; they just have the common-sense option of locking the drive out from the external internet.
 