Sunday, March 19, 2017

A warning to all SMART / RG users

So I was at my friend's house working on the YouTube show that we do every week (Pottawa) and, since my phone had broken a few days before, I had my tablet with me and needed to connect it to the wifi.

He told me that the wifi password is the same as what's written on the back of the modem, and I, expecting to find some type of sticker with the WPA key, looked at the modem but only found the MAC address listed. I thought surely they wouldn't be doing something as stupid as using the MAC address (BSSID public broadcast) as the pre-shared encryption key, but I thought, whatever, I will try it anyway.

I wrote it in all caps and it, of course, didn't work, because they couldn't be that stupid, right? Well, I had my laptop with me and decided to try to log into the modem and see if it had the key listed in the modem setup page.

After 2 tries, I was able to log in with admin/admin and went to the page to find, to my horror, that indeed the default password was the base MAC address. I then compared the key to the broadcast BSSID and found that the BSSID and the WPA-PSK differed by only the last digit, e.g. "XXXXXXXXXXX9" was the BSSID and "XXXXXXXXXXX7" was the key.

I thought, OK, this isn't quite as bad as I first thought, until I suddenly realized. The default ESSID. The last 4 characters... they matched the key, not the MAC.

So!! This means the default password for Primus ADSL wifi modems is the first 8 characters of the public BSSID broadcast (visible with apps like WiGLE) + the last 4 characters of the ESSID (the publicly visible name of the wifi).
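For owners of an affected modem, a check of whether the configured WPA key still follows the pattern described above. This is an added example, not code from the original post; the function names, the sample BSSID, ESSID and keys are constructed, and the case-insensitive comparison is an assumption.

```python
import re

def normalize_mac(mac):
    """Return a MAC/BSSID as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    # Reject wrong lengths and any character that is not hex or a separator.
    if len(digits) != 12 or re.sub(r"[0-9A-Fa-f:.\-\s]", "", mac):
        return None
    return digits.lower()

def audit_psk(bssid, essid, psk):
    """Compare your own modem's configured PSK with its broadcast values.

    Returns (derivable, findings). derivable is True when the key can be
    rebuilt entirely from the BSSID and ESSID, as the post describes.
    """
    mac = normalize_mac(bssid)
    if mac is None:
        raise ValueError("BSSID is not a valid MAC address")
    # Assumption: compare case-insensitively and ignore MAC-style separators.
    key = re.sub(r"[:.\-\s]", "", psk).lower()
    findings = []
    derivable = False
    if key == mac:
        findings.append("PSK equals the broadcast BSSID")
        derivable = True
    elif len(key) == 12 and key[:8] == mac[:8]:
        findings.append("PSK shares its first 8 characters with the BSSID")
        if key[8:] == essid[-4:].lower():
            findings.append("PSK ends with the last 4 characters of the ESSID")
            derivable = True
    return derivable, findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real device.
    samples = [
        ("00:11:22:33:44:59", "HOME-4457", "001122334457"),
        ("00:11:22:33:44:59", "HOME-4457", "a long random passphrase 81"),
    ]
    for bssid, essid, psk in samples:
        derivable, findings = audit_psk(bssid, essid, psk)
        status = "CHANGE THIS KEY" if derivable else "ok"
        print(f"{essid}: {status} {findings}")
```

If the check reports a derivable key, set a new random WPA passphrase in the modem setup page and replace the admin/admin login at the same time.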