Tim's Tech Tips

Today’s tech tip (or the idea for it) comes from CIRT.net, which has helpfully posted a list of home network and device default passwords.

Do you have a wireless router in your home? What’s the SSID? (That’s the network name. As in: “you are now connected to Wireless”) Is it your last name? The name of your router?
what’s your pass-code? No, don’t tell me. I probably already know.

Chances are when you bought that router, you hooked it up, got online and never thought about it again. Got a Netgear router? Well guess what… I’ve got your password.

Got a Linksys, or a D-Link? I’ve got those passwords too. Maybe you’ve got some obscure brand of router not everyone’s heard of… well chances are, I can get that in a minute, and in a matter of a few seconds after that, I can lock you out of your home network, forward traffic on certain ports to a server running on my own computer (thus allowing me to send you to pages filled with viruses, or worse), or even monitor and record traffic on your home network.

Sending an email? I can see it. Having a conversation over instant messenger? I can see that too. Got any wireless security cameras in your home? …You don’t want to know…
Bank account information, credit card numbers, it’s all an open book if your network isn’t secured; and if you didn’t actually go in to your router’s admin panel, and set a password yourself… it probably isn’t set.

Another thing to look out for is, never use personal information as your SSID: For example, your last name – and never, EVER use an SSID which is the same as what you use for the encryption key for your wireless network, or for any other account you have.
Here’s a good example, which was exploited by a friend of mine recently: A person used their last name as their SSID. He went out war-driving (that’s where you have a friend drive the car around a few city blocks and use your laptop to pick up good wireless signals to mess with), and he noticed the obviously not-very-secure network, and did a little digging. He tried some default encryption keys, but none of them worked, until he got an inspiration. Maybe the person used their phone number! Now, he couldn’t tell exactly where the wireless signal was coming from, but he did know the person’s last name, so he simply pulled up www.whitepages.com and searched for that last name, on the street he was at, and voila. He had their phone number. He entered it as the encryption key, and had full access to everything, including their shared files.

A new SSID and WPA encryption key can usually be set by going to one of the following IP addresses:

192.168.0.1, 192.168.1.1, 192.168.0.100, 192.168.1.100 (Just enter the IP address in your browser's address bar)

Then entering your admin password – which should also be changed, and is probably just “admin”. (If you’re not sure, click here for a list of default admin passwords.)

Once you’re in, just look around in the settings for encryption, or security. Make sure you select WPA, not WEP if WPA is available. It may also be a good idea to change the channel (frequency) your router operates on if you’re getting a lot of interference from other wireless networks in the area. Most networks operate on one of the default channels for their router. Changing yours can sometimes reduce interference, reduce lag, and increase range.