shodan, routerscan and security
I was always fascinated by the things one can do by combining tools. This post is dedicated to the famous IoT security search engine - Shodan and an app that holds the list of known router vulnerabilities.
You already see where this is going. Just one Shodan query gives you access to the list of internet-facing routers. You can even limit the search results:
router country:"NZ" city:"Auckland"
It's not a big issue by itself - many people need remote access and set up passwords to protect their precious router web interface.
But this is where the second tool comes in - RouterScan (conveniently crafted by our Russian friends). All routers we discovered before are scanned for known vulnerabilities and simple login pairs - such as admin:admin or support:support.
If a router is successfully exploited, the tool goes one step further: it pulls out Wi-Fi credentials and other important router information.
Needless to say, the resulting list can be used for many malicious purposes - from botnet creation to simple hacking of local computers.
A scan was made which confirmed that one of Auckland's internet service providers sends out preconfigured routers with the external interface enabled and appallingly simple access credentials. Out of 3000 routers scanned, about 500 were found to be easily accessible.
The ISP has been notified; hopefully they will take action to fix this.
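An ISP-side check for the condition described above, as an added example that is not from the original post: it audits provisioning profiles for a WAN-reachable admin interface combined with weak login pairs. The profile format, field names and sample records are constructed for illustration.

```python
import ipaddress

# Login pairs named in the post; username == password is also treated as weak.
WEAK_PAIRS = {("admin", "admin"), ("support", "support")}

# Constructed sample of a provisioning export; the field names are hypothetical.
SAMPLE_PROFILES = [
    {"model": "cpe-a", "wan_admin": True, "allow_from": [],
     "user": "admin", "password": "admin"},
    {"model": "cpe-b", "wan_admin": True, "allow_from": ["203.0.113.0/24"],
     "user": "support", "password": "support"},
    {"model": "cpe-c", "wan_admin": False, "allow_from": [],
     "user": "admin", "password": "admin"},
    {"model": "cpe-d", "wan_admin": True, "allow_from": ["0.0.0.0/0"],
     "user": "owner", "password": "k3Vq-92hTzpL-x7"},
    {"model": "cpe-e", "wan_admin": False, "allow_from": [],
     "user": "owner", "password": "Zr8-pQ41mWc-t6"},
]

def internet_reachable(profile):
    """True when the admin interface answers on the WAN with no real source limit."""
    if not profile["wan_admin"]:
        return False
    nets = [ipaddress.ip_network(n) for n in profile["allow_from"]]
    # An empty allow-list or a catch-all network (prefix length 0) restricts nothing.
    return not nets or any(n.prefixlen == 0 for n in nets)

def weak_credentials(profile):
    """True for a known default pair, username == password, or a short password."""
    user, pw = profile["user"].lower(), profile["password"].lower()
    return (user, pw) in WEAK_PAIRS or user == pw or len(pw) < 10

def audit(profiles):
    """Map each problematic model to a severity; clean profiles are omitted."""
    findings = {}
    for p in profiles:
        exposed, weak = internet_reachable(p), weak_credentials(p)
        if exposed and weak:
            findings[p["model"]] = "critical"   # the combination the scan found
        elif exposed:
            findings[p["model"]] = "exposed"
        elif weak:
            findings[p["model"]] = "weak-credentials"
    return findings

if __name__ == "__main__":
    for model, severity in audit(SAMPLE_PROFILES).items():
        print(f"{model}: {severity}")
```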
A word of caution: mind your security!