<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.32.2">
</HEAD>
<BODY>
I'm thinking the main router is older, and hasn't been updated. So, it might be that a truer statement is "It COULD BE compromised if somebody bothered". <BR>
<BR>
However, it is scarier to make ominous statements and you have to pay to MAYBE get more detail. <BR>
<BR>
I have to decide if this is a dragon I want to slay. <BR>
<BR>
Thanks, <BR>
<BR>
Neal<BR>
<BR>
On Sun, 2019-01-20 at 23:45 -0500, DJ-Pfulio via Ale wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
If the Linux kernels on those devices aren't newer than early 2018,
there are remote exploits. A quick fingerprint of the router/AP packets
should provide the kernel version, right?

There are some WiFi experts lurking, I'm certain.

The Comcast exploit could be as simple as knowing the default,
unable-to-be-changed, customer router password, if access to 10.1.10.1
is possible. Spent over an hour trying to get a new password accepted
with a bored Comcast Biz level-3 support guy a few years ago. It would
work, until their nightly updates reset it. I haven't tested it again
since they swapped out the old Biz equip for new. I use their device as
an untrusted bridge.

This is why we always say to use a VPN on any wifi network. I don't even
trust the wifi in my house.

On 1/20/19 11:11 PM, Alex Carver via Ale wrote:
> On 2019-01-20 17:33, Neal Rhodes via Ale wrote:
>> So, I don't know what possessed me to turn on the Verizon supplied
>> security app on my Samsung phone. But, I did.
>>
>> And as soon as I walked into church, it lit up with a message about the
>> wireless in the main hall, to wit: "the security of this network has
>> been compromised!"
>>
>> and it double dares me to ignore it. And it repeats. Now, I'm not
>> personally involved in this network; I recall it's maybe a business
>> Comcast router feeding some Cisco wireless routers. Doesn't seem like
>> hardware that would get compromised.
>>
>> Then I walk into the Sanctuary, and it switches wireless and complains
>> again. Now, the only wireless in the Sanctuary is a Linksys router
>> which is connected to the Behringer X32 digital sound board. It has NO
>> connection to the internet at all, and only three devices know the
>> password. Those devices manage the sound. Uhhhh, how is it even
>> possible this device/wireless has been compromised?
>>
>> Naturally, the Verizon app, powered by McAfee, won't tell me any details
>> about these alleged compromises, but it does offer to sell me their
>> enhanced WiFi protection. I have to suspect this is scareware.
>>
>> However, I'm wondering if there is some reasonably simple scan I can do
>> with normal Android or Windows software to discern if there is any
>> credence to this?
>
> I did a very rapid search for anyone complaining of the app coming up
> with warnings like this. Some of the complaints are on Verizon's
> message boards where they say the app doesn't specifically figure out
> how it's been compromised. First thing I can think of is that the app
> probes the network and determines whether you can connect to other
> wireless devices on the same AP. One of the possible AP configurations
> for decent APs would be to isolate clients from each other so the app
> may be sensitive to that as that could technically be a coffee-shop
> attack vector. The other thought is an AP using WEP or WPA instead of
> WPA2 (ignoring KRACK). Either way a lot of people seem to get the
> message so it appears to be overly sensitive.
</PRE>
</BLOCKQUOTE>
<BR>
</BODY>
</HTML>