Two Admins Walk Through a Back Door… January 18, 2018

We have another great show today that starts with two large tech companies which set up a line of products with a default username of “admin” and a default password that is also “admin.” And, you may be surprised to learn that you own one of these items – and have to fix it!

– Huawei (pronounced “Wah-Way”) EcoLife Router (Password = admin) – Must fix
– Intel computers have a BIOS password of ‘admin.’ No, really.
– If you start your car with a touch of a button, and you like your car – pay close attention.
– Bitcoin – If you use BITCOIN, or think you have some Bitcoin in an old digital wallet somewhere, or you know anyone who uses Bitcoin in any way, you need to listen to this show – we have a “hack” that is a little more unnerving than traditional hacks.

Our guest is Philip Andreae who will help us understand why we can’t swipe our credit cards like the old days, and he fills in some blanks on Bitcoin as well.

Enjoy!

######

Huawei (pronounced “Wah-Way”) EcoLife Router hack – Must fix

Hair on fire – 5 of 5 – fix this ASAP (Don’t worry, it’s easy)

Affected routers: Huawei Ecolife home routers (tested model HG532)

Fix – change the password

This is an active hack – hundreds of thousands already infected.

How To fix:

When you are on your network, just type 192.168.1.1 into your web browser’s address bar.

Default username = admin. Default password = admin.

Change the password to anything but “Admin”! The setting could be in a few different places once you log in; for most of you it will be under ‘settings’ or ‘maintenance.’

What is the problem? Malicious program called Satori. Infects the router to add it to a Botnet. Satori can also allow an attacker to take control of your home network – have not seen that yet, but it is possible.

Why is it bad to have someone take control of your network? – pretty obvious; they can see what you’re doing, and possibly take control of the computers on the network.

Why is being on a botnet bad? Millions of computers doing the same thing at the same time:

  • take down any web site
  • block all internet access in a geographic area
  • mine Bitcoin without you knowing

Huawei Hack Article

https://threatpost.com/code-used-in-zero-day-huawei-router-attack-made-public/129260/

Recap – critical problem, active attack. Reset the password. Done.

 

Intel AMT Flaw

Hair on Fire – 1 to 5

If you have a small business, and you don’t use a professional IT person for your small network, this is a ‘hair on fire’ score of 3 out of 5.

And, if you have an unsecured guest network at your small business, this is a 5 out of 5, which means – stop what you are doing and get this done.

FIRST – put a password on your guest Wi-Fi. Never, ever leave an open Wi-Fi unless you are Starbucks. And don’t make the password “Password 1.”

Make an 8 character password (or more) and put a card on every table (or whatever) so your customers can see.

Apparently, another password was found in the program that runs the central processor in your computer. Here is what the bad guy does – and this is public already so I’m not telling the hackers something they don’t know. Link in show notes.

  • hacker gets physical access to your computer
  • Turns it off
  • Turns it on
  • While it’s booting, hits the “Control/P” key or something similar, which switches to the AMT BIOS extension, which asks for a username and password.
  • “Admin” can be entered as username and password!!!!
  • Now, the hacker can
    1. get remote access to your computer, and any computer on your network.
    2. Change the password
    3. All of your computer’s security can be bypassed as long as the attacker is on your Wi-Fi or network.

Fix:

First – do you have an Intel chip?

How to find if your Mac book uses an Intel Chip:

  • Click the Apple icon in the extreme upper left corner
  • Click the first option on the dropdown menu – ‘About this Mac’
  • The pop-up window will tell you a few items; look for “Processor.” If you see the word ‘Intel’, then congratulations, you have this vulnerability

 

How to find if your Windows computer uses an Intel Chip:

  • Click on the start button to open the start menu.
  • Right click on “This PC” (or, if you have Windows 7, click “My Computer”)
  • Click on “Properties”
  • Check the “Processor” listed in the “System” section inside the properties window.

Next part of the fix: Change password, to anything but ‘admin’

DO THIS CAREFULLY – BE SOBER – NO WINE – TAKE IT SLOW

You are going into a sensitive part of your computer. If you make a mistake, you can brick your device.

Good article here, scroll down to point #3. http://support.radmin.com/index.php?/Knowledgebase/Article/View/9/9/How-to-set-up-Intel-AMT-features

1) Reboot your computer

2) Most of you will hit <CTRL + P> while booting up to get into the BIOS settings; for others, hitting F2 (or Dell) while booting will take you to the BIOS settings where there is a separate tab for Intel AMT (Active Management Technology)

3) Follow the steps to change the password; instructions should be on the screen.

Important – if you don’t see the things I’m talking about when you reboot, you may not have the particular Intel chips that cause this issue. Stop – exit out.

*** When the password is reset, the problem is solved – then that computer is safe, at least from this hack.

 

More instruction on how to fix this:

Google “how do I change the Intel AMT password” or click

https://www.google.com/search?q=how+do+i+change+the+intel+amt+password or

https://business.f-secure.com/intel-amt-security-issue

RECAP- only bad on a network, and attacker needs physical access.

Small business with guest Wi-Fi at risk

Fix is only a few steps to reset the password, but do it CAREFULLY.
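If you want to check whether AMT remote management is already switched on for a computer you own, here is a small script that looks for AMT's well-known network ports. This is an added example, not part of the original show notes; the port numbers are standard Intel AMT ports that the notes do not list, and the IP addresses are made-up samples you replace with your own machines.

```python
import socket

# Well-known TCP ports Intel AMT listens on once it has been set up.
# (Known AMT facts added for this example; not from the show notes.)
AMT_PORTS = {
    16992: "AMT web interface (HTTP)",
    16993: "AMT web interface (HTTPS)",
    16994: "AMT redirection (serial-over-LAN / IDE-R)",
    16995: "AMT redirection over TLS",
}

def open_amt_ports(host, ports=None, timeout=1.0):
    """Return the sorted list of ports on `host` that accept a TCP connection."""
    found = []
    for port in sorted(ports if ports is not None else AMT_PORTS):
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:
            pass  # closed, filtered, or host not reachable
    return found

def audit(hosts, ports=None, timeout=1.0):
    """Map each host to its reachable AMT ports; hosts with none are left out."""
    report = {}
    for host in hosts:
        hits = open_amt_ports(host, ports, timeout)
        if hits:
            report[host] = hits
    return report

if __name__ == "__main__":
    # Constructed sample inventory: replace with the computers you own.
    my_computers = ["192.168.1.10", "192.168.1.11"]
    results = audit(my_computers)
    for host, hits in results.items():
        for port in hits:
            print(f"{host}: port {port} open - {AMT_PORTS.get(port, 'unknown')}")
        print(f"  -> AMT looks switched on for {host}; make sure you set it up.")
    if not results:
        print("No AMT ports answered on the listed computers.")
```

Run it from a different computer on the same network than the one being checked, because AMT answers at the network card rather than inside the operating system. An open port on a machine where nobody set up AMT on purpose is the thing to investigate.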

NEXT

Car keyless entry system attack

Hair on Fire for most of us: 1

If you LOVE your car, and insurance can’t really replace it, this is a 4 out of 5.

Easy fix – faraday cage purse.

Most new cars have a wireless key “fob” which allows you to start the car with just a push of a button, as long as your key fob is nearby. It is basically a little radio transmitter on your keychain.

Hack starts with someone ‘recording’ the key emitted by your key fob. They need to get within a few feet of you, about as close as someone walking near you on a crowded sidewalk.

Then the attackers (two are needed for this one) maneuver two devices to fool the car into unlocking and starting the ignition.

Creepy video of this actually happening to a Mercedes in the UK: https://www.youtube.com/watch?v=bR8RrmEizVg

Original hack described by responsible researchers.

http://conference.hitb.org/hitbsecconf2017ams/materials/D2T2%20-%20Yingtao%20Zeng,%20Qing%20Yang%20and%20Jun%20Li%20-%20Car%20Keyless%20Entry%20System%20Attacks.pdf

Comments about last week’s broadcast

Meltdown and Spectre Follow Up

No actual attacks yet!

This is the first time we have found a vulnerability that is based on the way our central processor works. Keeping the processor firmware up to date is a lot harder than software updates.

Last week I said, no attacks. This week….tide is turning. Lots of chatter on hacker boards of people claiming to be able to exploit. One said, ‘I will wait a few weeks before I set the world on fire.’

This issue will keep coming up – stay tuned.

Links to Update pages:

https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-for-the-meltdown-and-spectre-patches/

That’s it! Remember to send your questions to questions@diycyberguy.com!
