Skip to content

Security Tool – Australian police are war driving – to reset default router passwords

02/11/2012

Australian police are war driving for open wifi home routers.  The police even write to home owners, where the encryption on the Wifi is set to WEP.
So full credit to the Australian police for their efforts to tighten up security.

Even more exciting we find the German police are fining home users who don’t set a password on the router.
Okay, so back to the UK.  Most home users don’t know how to access their router, let alone reset it’s default password.  The dangers of a default password cannot be over emphasised.  Hackers will know the defaults, and test for them.  If 80% of the routers out there are set to default passwords, that’s 80% of the home routers that don’t even need to be cracked.

To access your home router page

1. Go to your web browser, eg Firefox or IE.

2. In the Browse bar, type in 192.168.1.1  ( nearly all home routers use this default IP).

3. A banner page for the router will appear.  It will ask you to login.


At this point, you’ll need to find the default password.  Usually the defaults are on the underneath of your home router.

Each router is different.  If you’re operating on a default password, then we’re in trouble.

Enter the routers default password (probably on the underneath of your home router) and you’ll enter the main config of your router, which is different for each router.

4. Reset the router password, but make sure it’s a password you’ll remember.

For ZyXEL you browse along

Maintenance > System > General

5. Next, we want to check the encryption settings.  Most importantly we want to make sure it’s not open or working on WEP…both of those are leaving the backdoor wide open.

Under ZyXEL we browse

Network > Wireless LAN > General

If you see WPA or WPA2, then you’re safe, and working with a decent level of encryption.

Router manuals – DEFAULT PASSWORDS 

If you don’t know the routers default password, then hackers will probably look it up on http://www.portforward.com.
This great site will look up your router manufacturer and model, and show you how to configure it.

http://portforward.com/default_username_password/

Its searches by router manufacturer and model for the default password –  ZyXEL uses “1234”, wow, no hacker would ever guess that.  You can see how default passwords offer no protection.  So take a lesson from the Australians and Germans – and reset those default router passwords.

9 Comments
  1. The real reason for the war-driving is so that there’s a legal record of X having a secure hotspot, so that X has no out when big media sues them for downloading copyrighted works. Don’t kid yourselves…

    • That’s an interesting argument. Germany issues a fine for an open wifi – but that acts as the legal cap on damages for downloading. This seems fair. It’s a small fine, but acts as a shield against media companies suing for damages for what has been downloaded. I don’t know what the Australian position is on this – but it’s something that I’ll try to find out. Good question, so thank you.

      • John Poot permalink

        Easy answer – the Australian position is to pander to BigMedia. As has been said, an open router is a defence.
        That defence Must Be Removed. That’s best done using Taxpayer Funds. ergo, the Government is hard at it. As usual.

      • So it looks like the motive for police war driving could be prosecuting the little people for media moguls.
        Therefore, if I’m getting this right, I’d have to offer/find a bullet proof system to protect you before I could convince you to password protect an open wifi. Okay, I’m with you.

  2. be bop permalink

    leave it open. If the government doesn’t like it… its good for the people. For instance they won’t be able to know what sites you visit and use them against you.

  3. I might write an article on VPN, and how to visit sites anonymously. Not all VPN’s are equal – and you have to select those that hold no server logs. Thanks for all the great ideas.

  4. Paris permalink

    What if one does not care if others use their router?

  5. Access to your router would allow an attacker to view all your login id’s and passwords. Just like trusting everyone with your credit card, it will be abused. ID Theft is the big risk.

    So putting passwords on your router is to protect it from criminal misuse by others (just like the pin on your bank account), it’s exactly the same.

    The issue of stopping the state monitoring your browsing or downloading is a second issue, and I’ll look carefully into this for the best option.

    Startpage offer SSL encrypted searches, that do not keep your search queries. This means the state can’t monitor your search queries… nor serve a court order to obtain them. It’s a quick win, to keep you off the Google surveillance infrastructure.

    Do not use Gmail as they’re wiretapping you. Use startpage or duckduckgo for searches. Use hushmail until 2013 when startpage offer startmail.

    Use ghostery or privacyfix to remove trackers and advertising cookies.

    Privacy has to become a lifestyle. I wish that leaving the router open was an option… but the growth in ID Theft means that you’re sidestepping a civil offence (copyright) but might become liable for a criminal offence instead (financial fraud, ID Theft). You would have to prove to the courts, that 1. you didn’t do the crime and 2. that some other person was masquerading as you… a tough order in court. So I’d say put a password on your router, and opt for a privacy lifestyle…

    I hope that explains where I’m coming from.
    I’d rather ignore a civil wrong (ie a copyright offence), if I can stop ID Theft (a crime). That is completely the reverse of the media moguls perspective.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 160 other followers