Security: TG582n transmits occasionally the serial number unprotected over wifi

ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Another issue with the TG582n when I tried it today was that I noticed it broadcasts the serial number (without the CP) encrypted as part of the wifi beacon frame. I don't think it's a great idea to broadcast the default admin password to anyone in wifi range.
    # iw dev wlan0 scan passive
    BSS a4:b1:e9:XX:XX:XX(on wlan0) -- associated
        TSF: 0 usec (0d, 00:00:00)
        freq: 2437
        beacon interval: 100 TUs
        capability: ESS Privacy ShortSlotTime (0x0411)
        signal: -47.00 dBm
        last seen: 193 ms ago
        Information elements from Probe Response frame:
        SSID: PlusnetWirelessD1745D
        Supported rates: 1.0* 2.0* 5.5* 11.0* 18.0 24.0 36.0 54.0
        DS Parameter set: channel 6
        ERP: <no flags>
        ERP D4.0: <no flags>
        RSN:     * Version: 1
                 * Group cipher: TKIP
                 * Pairwise ciphers: CCMP
                 * Authentication suites: PSK
                 * Capabilities: 16-PTKSA-RC (0x000c)
        Extended supported rates: 6.0 9.0 12.0 48.0
        HT capabilities:
            Capabilities: 0x181c
                HT20
                SM Power Save disabled
                RX Greenfield
                No RX STBC
                Max AMSDU length: 7935 bytes
                DSSS/CCK HT40
            Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
            Minimum RX AMPDU time spacing: 8 usec (0x06)
            HT RX MCS rate indexes supported: 0-15
            HT TX MCS rate indexes are undefined
        HT operation:
                 * primary channel: 6
                 * secondary channel offset: no secondary
                 * STA channel width: 20 MHz
                 * RIFS: 1
                 * HT protection: nonmember
                 * non-GF present: 1
                 * OBSS non-GF present: 1
                 * dual beacon: 0
                 * dual CTS protection: 0
                 * STBC beacon: 0
                 * L-SIG TXOP Prot: 0
                 * PCO active: 0
                 * PCO phase: 0
        WPS:     * Version: 1.0
                 * Wi-Fi Protected Setup State: 2 (Configured)
                 * Selected Registrar: 0x0
                 * Response Type: 3 (AP)
                 * UUID: 00f0dbd4-2ad1-53ba-9937-9f01182eaee4
                 * Manufacturer: Technicolor
                 * Model: Technicolor TG
                 * Model Number: 582n
                 * Serial Number: (THE SERIAL NUMBER WITHOUT THE CP)
                 * Primary Device Type: 6-0050f204-1
                 * Device name: Technicolor TG582n
                 * Config methods: Label, PBC
                 * RF Bands: 0x1
        WPA:     * Version: 1
                 * Group cipher: TKIP
                 * Pairwise ciphers: TKIP
                 * Authentication suites: PSK
        WMM:     * Parameter version 1
                 * BE: CW 15-1023, AIFSN 3
                 * BK: CW 15-1023, AIFSN 7
                 * VI: CW 7-15, AIFSN 2, TXOP 3008 usec
                 * VO: CW 3-7, AIFSN 2, TXOP 1504 usec
42 REPLIES 42
RPMozley
Pro
Posts: 1,339
Thanks: 83
Fixes: 13
Registered: ‎04-11-2011

Re: Security: TG582n broadcasts serial number unprotected over wifi

Does that occur on other firmware versions or is that something to check on later?
That's RPM to you!!
pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: Security: TG582n broadcasts serial number unprotected over wifi

And that's a security issue because...?
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: Security: TG582n broadcasts serial number unprotected over wifi

Oh come on you can't be serious?
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: Security: TG582n broadcasts serial number unprotected over wifi

@ejs
If you disable WPS, does it still get broadcast?
pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: Security: TG582n broadcasts serial number unprotected over wifi

Quote from: Anotherone
Oh come on you can't be serious?

Absolutely serious!
Enlighten/educate me.
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: Security: TG582n broadcasts serial number unprotected over wifi

Hack the connection, log in to the (Modem/)Router and then wreak what mayhem, you choose.
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Security: TG582n broadcasts serial number unprotected over wifi

It's part of the WPS info so wouldn't be broadcast without WPS enabled.
You could argue it doesn't matter because the serial number is broadcast on the LAN anyway. So if you hack the wifi password, you've got two ways to get the default admin password.
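
An added example, not part of any post in this thread: a small audit parser that walks the information elements of a beacon or probe response from your own access point and reports which identifying fields the WPS element discloses, with WPS enabled and disabled. The frame bytes, SSID and serial value are constructed placeholders; the function names are illustrative.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")   # OUI 00:50:F2, type 4 = WPS
# WPS attribute IDs that identify the device or its model
IDENTIFYING = {0x1021: "Manufacturer", 0x1023: "Model Name",
               0x1024: "Model Number", 0x1042: "Serial Number",
               0x1011: "Device Name"}

def iter_ies(blob):
    """Yield (element_id, body) from a run of 802.11 information elements."""
    pos = 0
    while pos + 2 <= len(blob):
        eid, length = blob[pos], blob[pos + 1]
        body = blob[pos + 2:pos + 2 + length]
        if len(body) < length:          # truncated capture: stop, don't guess
            return
        yield eid, body
        pos += 2 + length

def iter_wps_attrs(body):
    """Yield (attr_id, value) from WPS TLVs: 2-byte type, 2-byte length, big-endian."""
    pos = 0
    while pos + 4 <= len(body):
        attr, length = struct.unpack_from(">HH", body, pos)
        value = body[pos + 4:pos + 4 + length]
        if len(value) < length:
            return
        yield attr, value
        pos += 4 + length

def wps_disclosures(blob):
    """Return {field name: text} for identifying WPS attributes found in the IEs."""
    found = {}
    for eid, body in iter_ies(blob):
        if eid == 221 and body[:4] == WPS_OUI_TYPE:      # vendor-specific WPS IE
            for attr, value in iter_wps_attrs(body[4:]):
                if attr in IDENTIFYING and value.strip(b"\x00 "):
                    found[IDENTIFYING[attr]] = value.decode("ascii", "replace")
    return found

def _tlv(attr, value):
    return struct.pack(">HH", attr, len(value)) + value
def _ie(eid, body):
    return bytes([eid, len(body)]) + body

# Constructed sample: SSID IE plus a WPS IE carrying a placeholder serial number.
WPS_ON = _ie(0, b"ExampleSSID") + _ie(221, WPS_OUI_TYPE + _tlv(0x104A, b"\x10")
         + _tlv(0x1021, b"Technicolor") + _tlv(0x1024, b"582n")
         + _tlv(0x1042, b"PLACEHOLDER-SERIAL"))
WPS_OFF = _ie(0, b"ExampleSSID")        # same AP with WPS disabled: no WPS IE
if __name__ == "__main__":
    print(wps_disclosures(WPS_ON), wps_disclosures(WPS_OFF))
```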
KevinA
Rising Star
Posts: 159
Fixes: 2
Registered: ‎07-02-2013

Re: Security: TG582n broadcasts serial number unprotected over wifi

It's a security issue as it means, for example, a disgruntled employee could get the router password and change whatever settings they liked, possibly using a wired PC on the premises. The obvious solution is to change the default router password, while Plusnet find a way to remove the serial number from being broadcast.
Update
Not sure my argument is now valid if it's broadcast on the LAN anyway.
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: Security: TG582n broadcasts serial number unprotected over wifi

But is it possible to hack a LAN connection from a WLAN connection or the WAN?
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Security: TG582n broadcasts serial number unprotected over wifi

By LAN I meant 192.168.1.* - ethernet or wifi doesn't matter if you are handing out the serial number by UPnP.
gtowen
Rising Star
Posts: 379
Thanks: 13
Fixes: 2
Registered: ‎05-05-2013

Re: Security: TG582n broadcasts serial number unprotected over wifi

Using the default username and broadcast password it would be possible to telnet into the router; from there I'd guess anything is possible :(
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: Security: TG582n broadcasts serial number unprotected over wifi

If you change the default password, does the changed password get broadcast?
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Security: TG582n broadcasts serial number unprotected over wifi

No I wouldn't have thought so, it's just the serial number (and model number). I saw the same WPS info supplied by an O2Wireless TG 587n v2 nearby, although I haven't seen that SSID recently.
nanotm
Pro
Posts: 5,756
Thanks: 156
Fixes: 2
Registered: ‎11-02-2013

Re: Security: TG582n broadcasts serial number unprotected over wifi

That's pretty much the same information on all routers if you use the correct sniffers; it's the main reason why all security setup documents state you should change the admin password ASAP. In 2006, when it came out that the HH did this, everyone had a panic; newspapers wrote great pages on the "fundamental security flaw in the home hub" without realising the security flaw in that thing was the inability to change the password and still use BT BB, hence why BT finally changed their netops policy, transmitted new firmware to the routers and changed their DSLAM to no password required...
Jump forward to 2013 and people newly aware are realising for the first time why the information (that does seem somewhat stupid to a lay person) has always stated you must change the password before using it...
just because you're paranoid doesn't mean they aren't out to get you