What kind of security threat changes your wireless router configuration?

By chris.roush
My mom had a friend bring her laptop to her house. After she attempted to connect to Mom's network the SSID and security settings for her wireless network were changed (the router using the default password). It also pushed these new wireless network settings to all of the Windows devices on her network and allowed them to connect through the new network. Any ideas on what this might be?


You answered your own question.

by seanferd In reply to What kind of security thr ...

"Default password."

Never leave default passwords on anything. Everyone knows them!

Actually, a lot of routers can be accessed over the internet to do this because of vulnerabilities, especially in the web interface. But most of those vulns are useless if you just use a strong password on the router.

It may have been coincidental, and someone cracked into the wireless locally, or into the router over the net. Or, sure, there could have been malware on the friend's machine. A lot of such malware is network-aware, and will spread through the entire LAN.

Scan all the machines now with the installed AV. Use also free version, and scan systems in safe mode. Keep machines disconnected from the network until they are clean.

Make sure no machine on the network has Administrator accounts as the default user accounts for normal use. Very bad.

And set a strong password on the router. No dictionary words, names, etc. Mix of numbers and letters, at least 10 characters.

Lots of malware could do this, it is not unusual.

The friend should also have his or her computer checked and cleaned in case it is malware. Whether cracked by a human or a program, the changes made can be used to recruit the machines into a botnet, steal personal info like banking and credit card information, or simply to steal wireless access.
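The password rules in the post above (not a default, at least 10 characters, a mix of numbers and letters, no dictionary words or names) can be checked mechanically. This is an added example, not part of the original post; the word and default lists are small constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample data: a real audit would load a full dictionary/name list
# and the vendor default-password list for the router model in use.
SAMPLE_WORDS = {"password", "admin", "router", "linksys", "netgear", "summer"}
SAMPLE_DEFAULTS = {"admin", "password", "1234", ""}

# Undo common character substitutions so "P4ssw0rd" is still seen as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def embedded_words(password, words, min_len=4):
    """Return dictionary words/names hidden in the password, longest first."""
    folded = password.lower()
    # Three views of the candidate: as typed, with substitutions undone,
    # and with every non-letter stripped (catches "r.o.u.t.e.r").
    variants = {folded, folded.translate(LEET), re.sub(r"[^a-z]", "", folded)}
    hits = {w for w in words
            if len(w) >= min_len and any(w in v for v in variants)}
    return sorted(hits, key=lambda w: (-len(w), w))


def audit_router_password(password, words=SAMPLE_WORDS, defaults=SAMPLE_DEFAULTS):
    """Return a list of rule violations; an empty list means all rules pass."""
    findings = []
    if password.lower() in defaults:
        findings.append("matches a known default password")
    if len(password) < 10:
        findings.append("shorter than 10 characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        findings.append("needs a mix of letters and numbers")
    for word in embedded_words(password, words):
        findings.append(f"contains dictionary word or name: {word}")
    return findings


if __name__ == "__main__":
    for candidate in ("admin", "P4ssw0rd2011", "k7vq2mhx9tzb4r"):
        print(repr(candidate), audit_router_password(candidate) or "ok")
```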


by chris.roush In reply to You answered your own que ...

If the password on the router had been changed from the default the script would have failed; malicious or not. That problem has been resolved.


by seanferd In reply to Agreed!

I hope the rest of the mystery is resolved as well.

Excellent that you were able to have the password changed. Some people are very resistant to this.

"Setup Wizard"

by oldbaritone In reply to What kind of security thr ...

Many manufacturers (like HP) are including some kind of "Wizard" to connect to a wireless network. Many of these Wizards understand common routers and will set up security on them automatically.

I had this happen with a friend who purchased a new computer, tried to connect to her network, and called HP - who told her to reset her router to factory defaults so the wizard could run. Of course, then her new machine worked fine, but 4 others on the network couldn't connect any more. We ended up doing another reconfiguration so all the machines would talk to the 'net.

My personal opinion about "Wizards" comes from mythology - they are often practitioners of the Black Arts, not understood by common folk, and when one offers "help" - BE CAREFUL because Wizards sometimes extract a terrible price in exchange for their services which the unsuspecting neophyte doesn't learn until it's too late.

Sounds like such may be the case here...

This would be the best case scenario

by chris.roush In reply to "Setup Wizard"

I agree that this may have been the case. It did not seem malicious other than disconnecting the devices that were non-Windows. It is a little scary to me that a wizard could also change the settings for the other Windows devices on the network though. The main problem is that the default password was left on the router. This has been changed.

That is a bit freaky.

by seanferd In reply to This would be the best ca ...

So much done in the name of user-friendliness. Ugh.

I certainly hope this is the problem. I will certainly look out for such helpful software in the future, myself.

That it changed the broadcast SSID and keys is worrisome.

That's the way the Wizard works

by oldbaritone In reply to This would be the best ca ...

You tell it what kind of router you have, and it looks for it at the "default gateway" address. It uses the default ID and password, signs on, generates a random SSID and password, sets them, reboots the router and configures the computer.

Actually, it's a great security improvement IFF (as in IF-AND-ONLY-IF) there is only one machine on the wireless network. Names are obscure, passwords are impossible-to-guess. Since it's all behind-the-scenes, the user just grins and it works. The wizard offers to make a setup disk or image to use on other computers. It contains all of the IDs, passwords and secrets, and runs the setup wizard on another machine.

EXCEPT if it's non-windows, or old version, or ...

and then you're out of luck.

Your Mom's friend pushed the RESET button on the router

by robo_dev In reply to What kind of security thr ...

and held it for ten seconds, clearing everything.

Now their laptop can connect and so can everything/everybody in the whole world, for the security is turned off, and the SSID is either Netgear or Linksys.

It's more complex than this

by chris.roush In reply to Your Mom's friend pushed ...

The SSID was actually the friend's computer name with a totally different WPA key. Two devices that were connected to the network when she tried to connect actually have the WPA key for the original network settings changed and the new network settings configured to match the new router settings. The non-Windows devices (printer and iPod touch) were not able to connect because the settings for these devices could not be altered.

Does your router do WPS (Wireless Protected Setup?)

by robo_dev In reply to It's more complex than th ...

Some routers have a feature that lets you automatically provision WPA clients, maybe this was fiddled with???