National broadband provider iiNet this week said the default setup of its new BoB Lite ADSL router – which leaves its Wi-Fi functionality open and the device’s administration password publicly available – was “standard practice” used by router manufacturers.
“… your network is laid bare for the world to access. iiNet concedes this point with a slim leaflet in the box that suggests you set up a wireless access password. Call us picky, but even a simple predefined password would be a better bet for a product that’s pitched squarely at network novices,” consumer technology site CNET.com.au wrote in its review of the device.
An iiNet spokesperson disagreed the issue was a problem. “It is standard practice for wireless routers to follow the same set up protocols as BoB Lite when logging into the user interface,” they said in a statement, noting that the company also emphasised the need for customers to change their passwords regularly and follow safe online practices.
“We send out regular reminders about the importance of secure passwords and detailed information is available on our website and from our support team,” they added.
Security analyst James Turner – an an advisor with Intelligent Business Research Services – said ISPs needed to be thinking about and planning for the future when it came to security – as when Australia had a nationwide fibre network in the form of the National Broadband Network, they would be “creating a rod for our own backs” if they didn’t get consumers used to the idea of implementing security features in their devices.
Turner didn’t consider it likely that many iiNet customers would have their BoB Lite broken into in the sparse minutes between turning on the device and setting up a Wi-Fi password and encryption such as the commonly used WPA2 standard — as that would require an attacker to be in the right place at precisely the right time and to log in to the router.
But it would be a different matter if users simply left the Wi-Fi open permanently, he said – noting he wouldn’t personally leave an unsecured Wi-Fi router set up that way.
The analyst pointed out there were groups in the community who would exploit such open systems – such as the Anonymous network of individuals who have recently been wreaking havoc on the technology systems of financial institutions and governments alike.
Turner noted as well that there were some people in the community who had what he described as “some very unusual fetishes” — adding that if such individuals had a modicum of knowledge about computer security, they wouldn’t download illegal content through their own home internet connection. Open Wi-Fi networks could provide such people with the anonymity they needed.
Image credit: iiNet