Hacker claims most DSL modems in Ireland can be hacked

8 Feb 2012

A software developer and amateur hacker has claimed the existence of exploits for wireless routers currently used by Eircom that theoretically would allow hackers who know what they are doing to break into their neighbours’ wireless networks.

In a blog published this morning, software developer Ross Canpolet referred to an exploit called RouterPWN v:1.3.138 that allows several methods of hacking routers and modems, such as Eircom’s popular ZyXEL P-660.

“I can confirm that the ZyXEL p-660HW-T1 v3 model running v3.70 (BOE.2) D0 | 03/01/2010 can be targeted and exploited,” Canpolet wrote.

Canpolet confirmed to Siliconrepublic.com that he has warned Eircom of the issue so that the operator can fix it.

He pointed out that the ZyXEL exploits, known in hacker terminology as “pwnage”, allow hackers to change and create an admin password, enable local admin logins, restart the device at will, change the router firmware and reset the device to factory settings, among quite a few things.

Canpolet said the vast majority of DSL broadband connections in the country can be theoretically hit by “pwnage” attacks.

He says the methods of obtaining a user’s IP address are endless and pwnage exploits are easily accessible online.

Canpolet was able to test three different exploits on his own router that enabled prestige unauthorised reset, ZyNOS configuration disclosure and prestige privilege escalation.

“You might think that this is a pretty minor amount of access to have on the router. However, allow me to run some ideas past you. Getting Admin access will allow you to destroy the box (requiring a hard reset), it will blatantly show you the Wi-Fi encryption key (allowing you to steal internet). It will allow you to bring down the network’s Firewall,” he pointed out.

Canpolet warned he will be posting more data soon on how such exploits will work on Vodafone and UPC routers and urged Eircom to fix these issues as soon as possible.

Canpolet describes himself as an Irish amateur hacker. “I am by no means a malicious hacker. I have no reason to destroy property, data or steal money from people, unlike a lot of hackers existing today.

“For this specific hack, I haven’t written any of the exploits. I’m just sharing information I received and I’m presuming Eircom are not aware of these existing problems. I have average knowledge in security penetration testing and I’m completely self-educated in what I do.”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years