
Thread: Rogers Rocket HUB Netcomm 3G10WVR major security flaw found

  1. #1
    Join Date
    Dec 2008
    Posts
    26
    Feedback Score
    0

    Rogers Rocket HUB Netcomm 3G10WVR major security flaw found : FLAW POSTED

    I have posted in Rogers community forum and I am waiting for a reply from someone @ rogers about a major security flaw I stumbled across late last night. If you have one of these routers you can easily be accessed from roaming users, and thus get stuck with a HUGE bill, due to this flaw!!!

    If I don't get a prompt and successful reply from Rogers, I will post the flaw and the fix here.

    Just a heads up, and if you have already had unexplained large bills.. this security flaw could have been exploited...

    Let's see how fast Rogers responds and reacts!!
    Last edited by fmpsportsguy; 10-30-2010 at 02:00 AM.

  2. #2
    Join Date
    Oct 2010
    Location
    Toronto
    Posts
    139
    Carrier
    Rogers
    Feedback Score
    0
    Hi, this is Chris at Rogers. We're on it over in the Rogers Community Forums. Thanks fmpsportsguy!
    My name is Chris and I'm part of the team at Rogers. Follow me on twitter @Rogers_Chris

  3. #3
    Join Date
    Dec 2008
    Posts
    26
    Feedback Score
    0
    Hi Rogers_chris.. thanks for your update.. my Update is Monday OCT 25th. 6:01. I will release the flaw on this site... that is unless your security team contacts me prior.. any coincidence to this site's Friday outage... ???

  4. #4
    Join Date
    Jun 2007
    Location
    Elysium Fields
    Posts
    3,705
    Feedback Score
    0
    In before the lock!
    Winner of 3rd Annual HoFies Award.
    Gold Medal for 'Most helpful S60 Hofo'er'
    Bronze Medal for 'Funniest S60 Hofo'er'

  5. #5
    Join Date
    Feb 2002
    Location
    Canada
    Posts
    13,217
    Phones
    A3LSMG900T, L6ARCV70UW, QMNRM-381, A3LGTI9100, PYARM-601, PYARM-529, PPIRM-598, QMNRM-11
    PYARM-244, QTLRH-106, PPIRM-510, QTKRM-364, QURRM-485, QMNRH-66, QMNRH-55, QMNRH-71, QMNRH-34,
    IHDT56PG3, BCG-E2642A, PKRNVWMC679, N7NAC763S, QISE181, QFXRM-675X...
    Carrier
    TELUS, Bell, SpeakOut, CSL, China Mobile, au by KDDI, Travel SIM UK
    Feedback Score
    2 (100%)
    fmpsportsguy,

    Greetings.

    I would suggest you to send your findings to c e o @ r c i . r o g e r s . c o m
    --

    HC - NO "i"
    I am NOT "the" HC, we are TWO different individuals!


    "If we amplify everything, we hear nothing!" - Jon Stewart, Comedian

  6. #6
    Join Date
    Dec 2008
    Posts
    26
    Feedback Score
    0
    Below is the reply from rogerscommunity forum...notice where the rogers employee STATES that the routers are issued a random password??? Rogers flaw for these routers is that they are delivered to customers with WPA2-PSK encryption enabled.. so out of the box, customers MAY think rogers has provided a secure means to use and access the internet.. However!

    The "passwords" for the router are all default, admin/admin, support/support, user/user..... but, the encryption of the router follows a six digit standard number followed by the 4 digit number, the rogersSSID transmitted by the router... SO lets be clear.. the "random" encryption password is a STANDARD 6 digit number, followed by the customers router number which is broadcast by SSID in the following format "ROGERSXXXX"... if you are a netcomm user... you have the first 6 digits on your "SECURITY" key... you just replace the last 4 numbers of your neighbour's SSID, and guess what you are connected, free to do what you want...


    So people will think with the encryption provided from rogers, their routers are safe from people accessing their computers/network and unable to download, steal their identities..etc etc... when they are not!!! RESETTING the router will default to this "FLAWED" encryption, allowing anyone who owns this router , or anyone who knows the first 6 digits, and then add the 4 digits transmitted by the router to access the netcomm router... How serious is this flaw?... Netcomm Hub users pay for every byte downloaded, so everyone who can access our routers, the user will have to pay for any and all downloads, or be LIABLE if criminal activity has occurred.

    Hopefully I have not posted enough for widespread use/abuse.. but enough for those with these routers to confirm my concerns, and make the necessary changes, and now have the ammunition to dispute any charges with rogers until they officially recognize this blatant security flaw ... if you are a ROGERS HUB user with a netcomm router, and have had extremely high usage charged to your account... this information is your weapon to dispute any charges. Immediately change your SSID and encryption key to something from ROGERS default!

    Rogers has had ample time to have a legal team to contact me in regards to this issue.. I am not responsible for how people use this information... but one thing is CLEAR... the netcomm 3G10WVR router issued by rogers leaves its customers open to identity theft, bank fraud, etc etc... and ROGERS has refused to address this issue in a timely manner..




    Hi xplornetsucks,

    Thanks for your patience, glad to hear your Netcomm issue has been addressed.

    In future, for any Rogers related technical issues you wish to escalate, you can reach technical support directly at 1-866-931-3282, where an agent will be able to resolve the issue or have it escalated for resolution.

    The hub follows the same regulations as any other Rogers product, which means the user is responsible for the security of their computer and network at all times.

    The Netcomm comes with WiFi enabled by default which is secured with a random password. If a user wishes to access their WiFi they must then use the password located in their hub documentation, set their own code or disable the security all together.
    Last edited by fmpsportsguy; 10-30-2010 at 02:01 AM.
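
Added example, not part of the original thread or any poster's code: a Python check a hub owner could run against their own settings to see whether the Wi-Fi key still follows the pattern described in post #6 (ten digits ending in the four digits broadcast in the `ROGERSXXXX` SSID). The function names, the 80-bit threshold and the sample values are assumptions constructed for illustration.

```python
import math
import re

# SSID format quoted in the thread: "ROGERS" followed by four digits.
DEFAULT_SSID = re.compile(r"ROGERS([0-9]{4})")
MIN_BITS = 80  # assumed policy threshold, not a figure from the thread


def upper_bound_bits(psk: str) -> float:
    """Entropy ceiling, as if each character were random within the classes used."""
    pool = 0
    for pattern, size in ((r"[0-9]", 10), (r"[a-z]", 26), (r"[A-Z]", 26),
                          (r"[^0-9a-zA-Z]", 33)):  # 33 = ASCII punctuation + space
        if re.search(pattern, psk):
            pool += size
    return len(psk) * math.log2(pool) if pool else 0.0


def audit_psk(ssid: str, psk: str) -> dict:
    """Flag a WPA2 passphrase that is derivable from the broadcast SSID or too weak."""
    findings = []
    match = DEFAULT_SSID.fullmatch(ssid)
    if match:
        findings.append("ssid-still-default")
    bits = upper_bound_bits(psk)
    if match and re.fullmatch(r"[0-9]{10}", psk) and psk.endswith(match.group(1)):
        # Four of the ten digits are broadcast, so at most six are secret. The
        # thread reports those six are the same on every unit, so this is a ceiling.
        findings.append("psk-suffix-equals-ssid-digits")
        bits = 6 * math.log2(10)
    if not 8 <= len(psk) <= 63:  # WPA2-PSK passphrase length limits
        findings.append("invalid-passphrase-length")
    if bits < MIN_BITS:
        findings.append("low-entropy")
    blocking = [f for f in findings if f != "ssid-still-default"]
    return {"findings": findings, "bits": round(bits, 1), "change_key": bool(blocking)}


if __name__ == "__main__":
    # Constructed sample values, not real keys or SSIDs.
    for ssid, psk in (("ROGERS1234", "0000001234"),
                      ("ROGERS1234", "t7#Qm2vLx9!pRz4w"),
                      ("HomeNet", "0000001234")):
        print(ssid, audit_psk(ssid, psk))
```

The `bits` figure is a ceiling, not a measurement: a key that merely looks complex but is reused or guessable scores higher than it deserves.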

  7. #7
    Join Date
    Jan 2008
    Posts
    465
    Phones
    IP4S
    w890i, c510a, ONYX, IP4, IP4S, S3, IP5
    Carrier
    Rogers Wireless
    Feedback Score
    0
    are you crazy?

    a - change the key yourself... if you cannot then pay someone to do it.
    b - wpa2 tkip or aes can be cracked no matter what you set it to in less than 5 mins.
    c - buy yourself a "real" router and set wpa and then mac filtering.

    /end

  8. #8
    Join Date
    Dec 2008
    Posts
    26
    Feedback Score
    0
    crazy how... seriously?

    Rogers encodes the routers with a key, IMPLYING security...firmware unchangeable and no support...

    WPA2-psk cracks in 5 min, cool, rogers has the door wide open.. and they do not have documentation suggesting that the "security" they supply is hacked within 5 min. or with my info 5 seconds... edit posting from a google search ... (I have stopped the cracking process as my machine is way too slow to crack the key while I’m still alive… So think about this when doing a WPA2 PSK Audit.) you may want to research wpa2-psk cracking before posting?

    the router you get when you buy a rocket hub (netcomm 3g10wvr is a GSM router... should be enough.. it has 32 mb ram..no way to change firmware with tomato though, and NO support from manufacturer or rogers, etc etc..)

    You may have missed the point, where Rogers provides its customers with a supposedly random "encrypted" and secure router out of the box.. you and I may know that it is not safe... but when the "encryption" is not random.. it leads to abuse. Some less than technically advanced users may be subject to usage charges, computer identity theft, etc etc.. because Rogers has given the "ILLUSION" of security and will always blame the customer for everything... my post has exposed a flaw with how rogers has EXPOSED its customers to a THREAT... yeah I am crazy...

    Quote Originally Posted by porksoda View Post
    are you crazy?

    a - change the key yourself... if you cannot then pay someone to do it.
    b - wpa2 tkip or aes can be cracked no matter what you set it to in less than 5 mins.
    c - buy yourself a "real" router and set wpa and then mac filtering.

    /end
    Last edited by fmpsportsguy; 10-30-2010 at 12:41 AM.

  9. #9
    Join Date
    Jul 2009
    Posts
    1,679
    Feedback Score
    0
    *blinks*

    So you're saying that someone - if they know or make the effort to find out the default password for a router - can connect to a customer's router if they are still using the default password...

    I would then ask what the user guide says about the Hub, and whether or not it at all implies that it is secure from the get-go.

  10. #10
    Join Date
    Dec 2008
    Posts
    26
    Feedback Score
    0
    No.. the router is encoded with a 10 digit WPA2-PSK key out of the box...the key to get into the router... if you own this router you have the first 6 digits of the key...the next 4 digits are broadcast by the SSID of the router... so with this info you have the master key...


    Quote Originally Posted by iridescence View Post
    *blinks*

    So you're saying that someone - if they know or make the effort to find out the default password for a router - can connect to a customer's router if they are still using the default password...

    I would then ask what the user guide says about the Hub, and whether or not it at all implies that it is secure from the get-go.

  11. #11
    Join Date
    Jan 2008
    Posts
    465
    Phones
    IP4S
    w890i, c510a, ONYX, IP4, IP4S, S3, IP5
    Carrier
    Rogers Wireless
    Feedback Score
    0
    Quote Originally Posted by fmpsportsguy View Post
    crazy how... seriously?

    Rogers encodes the routers with a key, IMPLYING security...firmware unchangeable and no support...

    WPA2-psk cracks in 5 min, cool, rogers has the door wide open.. and they do not have documentation suggesting that the "security" they supply is hacked within 5 min. or with my info 5 seconds...

    the router you get when you buy a rocket hub (netcomm 3g10wvr is a GSM router... should be enough.. it has 32 mb ram..no way to change firmware with tomato though, and NO support from manufacturer or rogers, etc etc..)

    You may have missed the point, where Rogers provides its customers with a supposedly random "encrypted" and secure router out of the box.. you and I may know that it is not safe... but when the "encryption" is not random.. it leads to abuse. Some less than technically advanced users may be subject to usage charges, computer identity theft, etc etc.. because Rogers has given the "ILLUSION" of security and will always blame the customer for everything... my post has exposed a flaw with how rogers has EXPOSED its customers to a THREAT... yeah I am crazy...
    what do you mean no support.. I googled and first hit was the manual for the router.

    I see your point but the reality is still nowadays most of the neighbourhood you will find open aps. While rogers may have a generic key someone with knowledge of the router may be able to guess it.. chances are people who know what to look for may also be able to crack whatever wpa/wpa2 you implement.

    No wireless ap is safe with wpa/wpa2 if it's implemented alone.

    fyi manual for the router

    Also you can purchase various gsm routers that may have more options than this one... or simply disable wifi on it and use a real router through its lan connection and secure it yourself.

    To me your post sounds like typical fear mongering.

  12. #12
    Join Date
    Dec 2008
    Posts
    26
    Feedback Score
    0
    So unless you have broken into someone's home... and hooked up your laptop/netbook directly through the rj45 port there is no security.. we are talking about anyone driving by, a neighbour to neighbour connection... through a wireless connection... see my edit to your previous post about WPA2-PSK hacking... the device is IMPLIED to be secure, rogers rep says every device has a random "KEY" (s/he says password) ... I can show it does not! end of story

    Even you suggest anyone can guess.. but Rogers says they are issued with a "random password"KEY"... random isn't having the same first 6 digits followed by your ssid number.. now is it?


    Quote Originally Posted by porksoda View Post
    what do you mean no support.. I googled and first hit was the manual for the router.

    I see your point but the reality is still nowadays most of the neighbourhood you will find open aps. While rogers may have a generic key someone with knowledge of the router may be able to guess it.. chances are people who know what to look for may also be able to crack whatever wpa/wpa2 you implement.

    No wireless ap is safe with wpa/wpa2 if it's implemented alone.

    fyi manual for the router

    Also you can purchase various gsm routers that may have more options than this one... or simply disable wifi on it and use a real router through its lan connection and secure it yourself.

    To me your post sounds like typical fear mongering.
    Last edited by fmpsportsguy; 10-30-2010 at 01:59 AM.

  13. #13
    Join Date
    Dec 2008
    Posts
    26
    Feedback Score
    0
    Fear mongering??... I have included links to photos taken... one of my laptop's wireless connection to my neighbour's router... and one of MY connection to MY router to PROVE that connecting to a WPA2-PSK secured router provided by rogers with default key is easily accessed..

    MY Router connection: (screen capture below)



    My neighbour's connection accessed by notebook... photo taken



  14. #14
    Join Date
    Dec 2008
    Posts
    26
    Feedback Score
    0
    So.. proof is now in the open..that means that while I may have been able to access my neighbour's router, the same could be said that he could have been able to access mine.. Since Rogers has not acknowledged this issue.. I guess I can say that any Data charges over the First tier of my plan ($30 for 3 gigs) .. MAY have been from my neighbour or any experienced hacker exploiting this basic numbskull approach to wireless security on rogers part! Trust me, MY WPA2 key has been changed since I discovered this flaw.. but prior???... how many rogers customers are still on default? How do we know the same "security" hasn't been implemented on the Ericsson devices.. many people complaining of speed slowdowns.. but if you are sharing the network with others unknowingly and have high data usages... and the same "security" was /is deployed on the Ericssons.. who knows? who knows?

  15. #15
    Join Date
    Dec 2008
    Posts
    26
    Feedback Score
    0
    and finally a COPY of what I had posted on rogers community forum before it was deleted, and resulted in me posting my findings here.. no I was never contacted and no I never got any cash from rogers for keeping quiet!

