- Every router, even if it's a cheap home router, has a management interface accessible by pointing a web browser as the router's private-side IP address.
- Home routers that provide a Wi-Fi signal to the home frequently spill signal into neighboring apartments/houses/areas.
Most people by now understand that it's a good idea to protect Wi-Fi networks with a password. It is indeed a good idea to do that, but a moderately determined attacker can still break the password and listen in on communications with a cheap antenna and some time, depending on the length of the password and the encryption mode of the network. (WPA2 is strong, but not so much if you use a password that appears in dictionaries. However, passwords of all currently used encryption modes can be attacked offline once a connection is intercepted out of the air.)
That means Wi-Fi network passwords could conceivably be intercepted. If the same password is used for the Wi-Fi network and the router's management interface, an attacker gets control of your router too. That's really bad, because most routers (all that I've seen) can be reprogrammed by uploading a new firmware package. Once an attacker gets that done, your router and all data that passes through it is compromised, even after the attacker leaves your network/vicinity. The router could be used to launch exploits against machines on your network, or it could be instructed to send all data to the bad guy's server, just to name a couple nefarious options.
Unlike Wi-Fi passwords, management passwords cannot be cracked offline. Therefore, it is worthwhile to make your management password and Wi-Fi password different. Oh, and you did change the management password to not be the default one, right?
No comments:
Post a Comment