
Hacking and Securing DSL Routers

Introduction:
(Note: If you know how DSL works, you can jump to the next section!)
Most internet users nowadays use DSL connections. DSL stands for Digital Subscriber Line, which provides internet access over telephone lines. DSL connections use ADSL routers or ADSL modems. Here is a layman's diagram of how DSL works:
how_dsl_works

Whenever a user turns on their DSL modem, it connects to the DSLAM, which is usually placed inside the ISP exchange. Each DSLAM has the capacity to connect thousands of DSL users. In the above image it looks like a small box, but it is actually much bigger:
dslam_backside

The DSLAM is responsible for checking the condition of the telephone line and ensuring that a stable connection can be maintained. It also holds some properties for each telephone line. The download and upload rates you see on your modem's status page are also set by the DSLAM. Once the DSLAM connection is established, the DSL light on some modems turns on.
modem_adsl_light_off

Now the modem sends an internet access request to the BRAS server. This request contains the DSL username and password, which are saved in the DSL modem settings. The login is usually set by the lineman when they install a new DSL connection. The BRAS server is directly connected to the central RADIUS server, which contains the login information of all DSL users. The RADIUS server also holds a list of IP addresses that are not in use by others. If the login sent by the modem is valid, the RADIUS server responds with one IP address from that list. Once the modem receives the IP address, an internet connection is established and the internet light on the modem turns on:
modem_adsl_internet_on

That was a lengthy introduction to DSL and how it works, for non-technical people!

How to Hack:
After reading the above introduction, we know that each DSL connection is assigned a unique public IP address from a list. This list is basically a range of IP addresses assigned to the ISP by the RIR. We can check our IP address here: http://myip.counterstrike.com.pk/. Assume my IP address is 66.150.150.10. The IP address we see is basically the IP address assigned to our modem. What will happen if we change the last part of our IP address and enter 66.150.150.11 in a web browser?
ip_connect_error

Oh. It looks like that IP address does not belong to any DSL user. Let's try 66.150.150.11:
router_basic_auth_page
(Keep increasing the last number of IP Address until you hit a login page. Don’t give up too soon!)

Looks like we have reached the login page of another DSL user's modem. The default login for most modems is admin:admin. More default logins are given in the next section. Once we log in successfully, we have full control over that modem.
For example:

  • We can steal their DSL login and use their bandwidth:
    modem_wan_ppp_settings

  • Change their DNS Servers and hijack their DNS Requests:
    modem_wifi_key_wpa_psk

  • Steal their Wi-Fi keys:
    modem_wifi_key_wpa_psk

  • Enable DMZ to remotely access internal LAN computers:
    modem_dmz_pic

  • Replace ACS with our own for remote configuration of modem:
    modem_acs_server_attacker

  • Replace modem’s firmware with our own backdoored firmware:
    modem_firmware_backdoor_update

As you can see, we can do pretty much anything we want with that DSL Router we just owned.

How to Secure:
Now that we have learned about the various tricks to exploit the router, let's go through the different ways to secure it:

  • Change Default Router Configuration Password:
    If you have installed a new DSL connection, chances are that your login and password combination is one of the following default logins:
    admin:admin
    support:support
    user:user
    admin:ISP NAME
    admin:LAST 5 HEX CHARACTERS OF MODEM MAC ADDRESS+1
    Always use a strong password that does not include dictionary words.
    Some modems have multiple login accounts so make sure you have changed passwords for all of them:
    modem_default_login_pass

  • Change Default DSL Connection Password:
    Call your ISP helpline and ask them to change your DSL or Broadband or PPP account password.
    If you do not change it, someone else might use it and you will be billed for their download usage.

  • Disable Remote Access to Modem:
    This is to make sure no one can connect to your router from outside your network.
    modem_acl_services_lan_wan_ftp_tftp_snmp_http_icmp_telnet_ssh

  • Disable TR-069 Client:
    If you know how to configure your router, you don’t need your ISP to remotely access your router.
    So you can simply disable it.
    modem_acs_tr069_disable

  • Use Strong Wi-Fi Password:
    Always use a strong WPA/PSK key as the password. If the attacker is on the LAN, meaning they have your Wi-Fi password, they can easily sniff your router credentials using MITM on your local network.

  • Be Smart:
    If you connect to your Wi-Fi network and the browser opens a page asking for your Wi-Fi password, beware! Someone is trying to hack your Wi-Fi password using Wi-Fi Phishing. This is a new technique and it cannot be prevented directly. All you can do is educate your friends and family about how this works so that they are cautious about these attacks.

If you follow the above steps, no one can break in to your router remotely or locally.
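
The checklist above as an offline audit, added here as an illustration and not part of the original post: it takes a router's settings as a Python dict and reports default logins, WAN-exposed management services, an enabled TR-069 client and a weak Wi-Fi key. The settings schema, the field names, the small word list and the `SAMPLE` values are all constructed assumptions; map them to whatever your own modem's settings pages show.

```python
import re

# Fixed default logins listed in the post. The ISP-name default is handled in
# audit_router(); the MAC-derived default is not modelled here.
DEFAULT_LOGINS = {("admin", "admin"), ("support", "support"), ("user", "user")}
COMMON_WORDS = {"password", "admin", "router", "internet", "welcome", "qwerty"}  # tiny sample list


def weak_secret(secret, min_len=12):
    """True if the secret is short, uses fewer than 3 character classes, or contains a common word."""
    classes = sum(bool(re.search(p, secret)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    has_word = any(w in secret.lower() for w in COMMON_WORDS)
    return len(secret) < min_len or classes < 3 or has_word


def audit_router(cfg):
    """Return a sorted list of findings for a router settings dict (hypothetical schema)."""
    findings = []
    isp = cfg.get("isp_name", "").lower()
    for user, pw in cfg.get("accounts", {}).items():  # check every account, not just admin
        if (user, pw) in DEFAULT_LOGINS or (isp and pw.lower() == isp):
            findings.append(f"default-login:{user}")
        elif weak_secret(pw):
            findings.append(f"weak-password:{user}")
    for svc, sides in cfg.get("service_acl", {}).items():
        if sides.get("wan"):  # management service reachable from the internet side
            findings.append(f"wan-exposed:{svc}")
    if cfg.get("tr069", {}).get("enabled"):
        findings.append("tr069-enabled")
    if weak_secret(cfg.get("wifi", {}).get("psk", "")):
        findings.append("weak-wifi-psk")
    return sorted(findings)


# Constructed sample settings, not taken from any real device.
SAMPLE = {
    "isp_name": "ExampleNet",
    "accounts": {"admin": "admin", "support": "examplenet", "user": "T7#qv!Lm2x@Rk9"},
    "service_acl": {
        "http": {"lan": True, "wan": True},
        "telnet": {"lan": True, "wan": True},
        "ssh": {"lan": True, "wan": False},
    },
    "tr069": {"enabled": True, "acs_url": "http://acs.example.invalid"},
    "wifi": {"psk": "internet123"},
}

if __name__ == "__main__":
    print("\n".join(audit_router(SAMPLE)))
```

An empty result means every item the audit models is addressed; it does not cover the DSL/PPP account password, which only the ISP can change.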

Conclusion:
The sole purpose of writing this post was to spread awareness about security and to educate the internet users and the ISP operators about the different threats they are exposed to.
So if you suspect that your router might be vulnerable, now is the right time to secure it.

Better safe than sorry!

Cyber Crime Bill in Pakistan: The Bright Side

Cyber Crime Laws in Pakistan
If you are from Pakistan, you might have seen the recent fuss about the “Controversial Cyber Crime Bill” that will snatch the basic rights of internet users.
This bill will take away everything including your internet privacy, freedom of speech and liberty. Once passed, it will be a cyber apocalypse for Pakistan.
At least this is what the media is projecting about that bill.

bolobhi-pasha-cybercrime-bill-update
Below are a few texts quoted from various social and mainstream media sources:

  • If you send someone a message or email without their permission, you are a criminal.
  • Posting someone's image online without their consent will land you in jail.
  • It will be a crime to write anything online against government or politicians.
  • Police or any other agency will be allowed to pick anyone without arrest warrants.
  • Government will block any website they want for any reason.
  • Internet in hotels and cafes will be banned.

A few facts to keep in mind before I go any further:

  • Criminals are now using the internet as a weapon for blackmailing the vulnerable. Victims often commit suicide in serious cases. If these criminals are ever caught, they are released most of the time because there are no laws that properly define those crimes.
  • Criminals mostly use open WiFi networks and cybercafés.
  • The Pakistani government has already deployed a nationwide web filter which blocks adult websites, blasphemous material and anything that seems inappropriate to them. The government has used this system to block many legitimate websites without revealing any reasons. So this is nothing new that is going to happen.
  • Government agencies have powers to arrest anyone without requiring any arrest warrants, but only when it is necessary: when they have solid intelligence about illegal activities and when national security is at stake.

mind_control
Well, this media is a paid mind control machine. They are a modern form of black magic. You pay them well and they will turn everything in your favor. From spoiling someone's reputation using scandals to violent strikes, this media plays the role of a positive catalyst. I am talking about mainstream media, the TV channels and the newspapers. Social media is not that mature yet. In our case it looks like some people don’t want to see these Cyber Crime Laws implemented.
Power of media

More details about mind manipulation by media and the methods used can be found on these links:

“10 Strategies of Manipulation” by the Media

Silent Weapons for Quiet Wars

The whole point of this post is that we should not blindly believe what we are shown by the media. We must do our own research before supporting or opposing anything.