More Plaintext Goodness!

There has been a raft of articles lately detailing the insecurities of the WiFi access points distributed by the major ISPs. There was an article published earlier today detailing how credentials are shown in clear text when logging into a certain UK based ISPs account management portal and how can we forget the disclosure of the oversight of security within the EE APs..

This reminded me that I had seen clear text credentials somewhere in relation to my ISP. Low and behold, WPA2 passphrase and broadband account credentials are displayed to anyone capable of using default credentials to log into the Huawei HG533 access points provided by TalkTalk.

General Summary

These routers have the functionality to be administered remotely, meaning that if this feature is enabled, anyone can log in to an access point remotely using the default credentials and pilfer the WPA2 pass phrase and the owners account credentials.

These type of credentials allow the user to alter the customers account in many ways, including cancel the subscription completely. Think about it, most home based businesses rely solely on the internet to trade.. small businesses could go under without a connection for only a few days!

– J

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s