[ale] Slightly OT - Verizon/McAfee scareware and testing Wireless Networks
Neal Rhodes
neal at mnopltd.com
Mon Jan 21 09:52:28 EST 2019
I'm thinking the main router is older, and hasn't been updated. So,
it might be that a truer statement is "It COULD BE compromised if
somebody bothered".
However, it is scarier to make ominous statements and you have to pay to
MAYBE get more detail.
I have to decide if this is a dragon I want to slay.
Thanks,
Neal
On Sun, 2019-01-20 at 23:45 -0500, DJ-Pfulio via Ale wrote:
> If the Linux kernels on those devices aren't newer than early 2018,
> there are remote exploits. A quick fingerprint of the router/AP packets
> should provide the kernel version, right?
>
> There are some WiFi experts lurking, I'm certain.
>
> The Comcast exploit could be as simple as knowing the default,
> unable-to-be-changed, customer router password, if access to 10.1.10.1
> is possible. Spent over an hour trying to get a new password accepted
> with a bored Comcast Biz level-3 support guy a few years ago. It would
> work, until their nightly updates reset it. I haven't tested it again
> since they swapped out the old Biz equip for new. I use their device as
> an untrusted bridge.
>
> This is why we always say to use a VPN on any wifi network. I don't even
> trust the wifi in my house.
>
> On 1/20/19 11:11 PM, Alex Carver via Ale wrote:
> > On 2019-01-20 17:33, Neal Rhodes via Ale wrote:
> >> So, I don't know what possessed me to turn on the Verizon supplied
> >> security app on my Samsung phone. But, I did.
> >>
> >> And as soon as I walked into church, it lit up with a message about the
> >> wireless in the main hall, to wit: "the security of this network has
> >> been compromised!"
> >>
> >> and it double dares me to ignore it. And it repeats. Now, I'm not
> >> personally involved in this network; I recall it's maybe a business
> >> Comcast router feeding some Cisco wireless routers. Doesn't seem like
> >> hardware that would get compromised.
> >>
> >> Then I walk into the Sanctuary, and it switches wireless and complains
> >> again. Now, the only wireless in the Sanctuary is a Linksys router
> >> which is connected to the Behringer X32 digital sound board. It has NO
> >> connection to the internet at all, and only three devices know the
> >> password. Those devices manage the sound. uhhhh, how is it even
> >> possible this device/wireless has been compromised?
> >>
> >> Naturally, the Verizon app, powered by McAfee, won't tell me any details
> >> about these alleged compromises, but it does offer to sell me their
> >> enhanced WiFi protection. I have to suspect this is scareware.
> >>
> >> However, I'm wondering if there is some reasonably simple scan I can do
> >> with normal Android or Windows software to discern if there is any
> >> credence to this?
> >
> > I did a very rapid search for anyone complaining of the app coming up
> > with warnings like this. Some of the complaints are on Verizon's
> > message boards where they say the app doesn't specifically figure out
> > how it's been compromised. First thing I can think of is that the app
> > probes the network and determines whether you can connect to other
> > wireless devices on the same AP. One of the possible AP configurations
> > for decent APs would be to isolate clients from each other so the app
> > may be sensitive to that as that could technically be a coffee-shop
> > attack vector. The other thought is an AP using WEP or WPA instead of
> > WPA2 (ignoring KRACK). Either way a lot of people seem to get the
> > message so it appears to be overly sensitive.
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
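
Added example, not part of the original thread and not a description of how the Verizon/McAfee app actually works: one way to check the WEP/WPA-instead-of-WPA2 hypothesis raised above, using the bracketed flags strings that wpa_supplicant's `wpa_cli scan_results` prints and that Android exposes as `ScanResult.capabilities`. The SSIDs and scan rows are constructed samples, and the finding labels are this example's own naming.

```python
import re

# Constructed sample rows: (SSID, flags). Names are hypothetical, not from the thread.
SAMPLE_SCAN = [
    ("legacy-wpa", "[WPA-PSK-TKIP][ESS]"),
    ("wpa2-wps", "[WPA2-PSK-CCMP][WPS][ESS]"),
    ("mixed", "[WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP][ESS]"),
    ("open-guest", "[ESS]"),
    ("wep-device", "[WEP][ESS]"),
    ("wpa2-clean", "[WPA2-PSK-CCMP][ESS]"),
]


def audit_flags(flags):
    """Return a sorted list of weakness labels for one flags string."""
    findings = set()
    protocols = set()
    for token in re.findall(r"\[([^\]]+)\]", flags):
        fields = re.split(r"[-+]", token)  # e.g. WPA2, PSK, TKIP, CCMP
        proto = fields[0]
        if proto == "WEP":
            protocols.add("WEP")
            findings.add("wep")
        elif proto in ("WPA", "WPA2", "RSN"):  # RSN is the WPA2 information element
            protocols.add("WPA" if proto == "WPA" else "WPA2")
            if "TKIP" in fields[1:]:
                findings.add("tkip")
        elif proto == "WPS":
            findings.add("wps-enabled")
    if not protocols:
        findings.add("open")  # no encryption advertised at all
    elif "WPA" in protocols:
        # WPA1 alone is the weak case; WPA1 next to WPA2 is a downgrade-friendly mix
        findings.add("wpa1-mixed-mode" if "WPA2" in protocols else "wpa1-only")
    return sorted(findings)


def audit_scan(rows):
    """Map each SSID with at least one finding to its findings."""
    report = {}
    for ssid, flags in rows:
        found = audit_flags(flags)
        if found:
            report[ssid] = found
    return report


if __name__ == "__main__":
    for ssid, found in audit_scan(SAMPLE_SCAN).items():
        print(f"{ssid}: {', '.join(found)}")
```

This only covers what the access point advertises; the client-isolation hypothesis needs a separate test from a second device on the same network.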