
Everybody can hack into your Blink wireless router!

It’s not a secret anymore that the routers you get from Ogero once you subscribe to their Blink DSL service can easily be hacked since their WiFi password is very easy to retrieve.

First of all, Blink routers are secured by default with WEP encryption, which is very weak and can be cracked using wireless penetration tools. Second, they can easily be identified since they all have an SSID (network name) following the pattern “BlinkXXXXXX”, where XXXXXX is a 6-character code. This isn’t just any random code: it is derived from the router’s serial number. Unfortunately, the same applies to the WiFi password, which isn’t generated randomly but is derived from the router’s serial number as well.

Logically speaking, if you encounter a Blink network and are able to reverse the operation in a way that lets you guess the router’s serial number from the 6-character code in the SSID, retrieving the password is then a piece of cake since it can be derived from this serial. That’s basically what some people have been doing for a while now: several tools are already available online that let you enter the 6-character code once you stumble across a Blink network and give you the password in a few seconds.

Up until lately, I was thinking the usage of these tools was somehow minimal and limited to techies, since you will rarely find them on Lebanese websites, until I lately came across this new Android application called “Hack Blink” with a download count of over 10,000 and rapidly increasing.


Using the application is very straightforward: you enter the code and wait for the password. I tried it and it does work. So if you have a Blink subscription, be sure someone around you will sooner or later have this application and eventually start consuming your bandwidth.

Fortunately, there is a way to stop people from doing that by reconfiguring your router using this manual I found on Ogero’s website (which applies to Thomson routers). I strongly recommend you use that manual to change your SSID and set the encryption algorithm to WPA2, in addition to, of course, changing the default wireless password. If you encounter any difficulty, either contact their customer support or head to the nearest Ogero office so that a support person can help you do it.
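To confirm the reconfiguration took effect, you can check what your own network now broadcasts. The script below is an added example, not part of the original post or any Ogero tool: it assumes scan lines in the terse `SSID:SECURITY` form printed by `nmcli -t -f SSID,SECURITY device wifi list`, assumes the 6-character code is alphanumeric, and all function names are hypothetical.

```python
import re

# Assumption: the 6-character code is alphanumeric (the post only says "6 character code").
DEFAULT_SSID = re.compile(r"^Blink[0-9A-Za-z]{6}$")

def split_terse(line):
    """Split one nmcli terse-mode line on ':' while honouring backslash escapes."""
    fields, cur, i = [], "", 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur += line[i + 1]
            i += 2
        elif line[i] == ":":
            fields.append(cur)
            cur = ""
            i += 1
        else:
            cur += line[i]
            i += 1
    return fields + [cur]

def audit(ssid, security):
    """Return the default settings that are still visible for one network."""
    findings = []
    if DEFAULT_SSID.match(ssid):
        findings.append("SSID still follows the default BlinkXXXXXX pattern")
    modes = security.upper().split()
    # WPA3 is accepted as well: it is newer than the WPA2 the post recommends.
    if not {"WPA2", "WPA3"} & set(modes):
        findings.append("encryption is %s, not WPA2" % (security.strip() or "none"))
    return findings

def check_own_network(scan_lines, my_ssid):
    """Audit the scan entry for my_ssid; None means it was not in the scan."""
    for line in scan_lines:
        fields = split_terse(line.rstrip("\n"))
        if fields[0] == my_ssid:
            return audit(fields[0], fields[1] if len(fields) > 1 else "")
    return None

# Constructed sample of `nmcli -t -f SSID,SECURITY device wifi list` output.
SAMPLE_SCAN = ["Blink1A2B3C:WEP", "Home\\:Net:WPA2", "Cafe:WPA1 WPA2"]

if __name__ == "__main__":
    for name in ("Blink1A2B3C", "Home:Net"):
        print(name, "->", check_own_network(SAMPLE_SCAN, name) or "no default settings visible")
```

A scan cannot show whether the default wireless password was changed, so that step still has to be verified in the router's own settings page.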

Best solution is definitely for Ogero to stop ordering their routers to be configured this way!

Thanks to @ZuZ for the information he previously provided in this post.

Update:

@AbirGhattas just informed me “Hack Blink” was removed from the Play Store. I still recommend you change your router’s default settings.


The information branch wants your passwords!

According to this article in Lebanon Files today, it seems that the intelligence-oriented Information Branch has asked the ministry of telecommunication for all SMSs that have been exchanged over the two months that preceded the assassination of General Wissam Al-Hassan back on October 19th, in addition to our internet accounts and Facebook passwords!

The newspaper “As-Safir” reported that the appetite of the security agencies, particularly the Information Branch, has once again been whetted for the “data” of Lebanon’s cellular communications network, with a dangerous difference this time: they are no longer content with requesting the handover of call traffic records, as used to happen in the past. The matter has reached a level unprecedented in its seriousness and repercussions, with the Branch requesting access to the content of all mobile text messages exchanged among all citizens over the two months that preceded the assassination of Major General Wissam Al-Hassan, along with obtaining the passwords for the internet networks and Facebook that the Lebanese use.

In this context, Telecommunications Minister Nicolas Sehnaoui confirmed to the newspaper that the ministry received a request to obtain the content of text messages and the passwords for the internet networks and Facebook belonging to the Lebanese, across all of Lebanon, warning that approving this violation would bring more later on.

He confirmed that he referred this request to the General Secretariat of the Council of Ministers for study, “with a recommendation from him to reject and return it, faulting the judicial body responsible for reviewing the security agencies’ requests for merely registering a passing position, whereas what is required is for it to be more effective in safeguarding the constitution and citizens’ rights.

It’s weird that the Information Branch is asking for our Facebook password since that means ISPs in Lebanon are actually keeping a log of all passwords we input! Anyway, I hope the government rejects this request and instead agrees on supplying data related to specific people and during a reasonable time frame.
