Cell phones, modems, routers and similar devices are a lot easier to hack than most people think, making them an opportune target for criminals looking for an easy way to pierce a network, a researcher from Juniper networks says. Speaking at the CanSecWest security conference in Vancouver, Barnaby Jack demonstrated how a …
Qtopia aims to fix that
Trolltech aims to rectify that in it's next release of qtopia for mobile devices. More info at the folowing link: http://doc.trolltech.com/qtopia4.2/sxe.html
I've got this PC at home. I found out last night, that by simply opening the box, and taking out the hard drive a criminal can remove Linux and install Windows 2000, making the machine completely insecure, but he can't do this remotely - what a relief there.
Seriously, Mr Jack is doing two things with his fud, both of which make me mad:
1) Showing a really crap example. A few early router devices might have allowed admin access on the 'wan' side, but virtually none default to that now.
2) There's a small chance that in response router manufacturers start removing the JTAG connectors and serial consoles from boards, thus ruining the fun for thousands of hackers (not crackers) and hobbyists creating solutions based on OpenWRT (www.openwrt.org), or even less likely projects like my router-based alarm clock: http://www.biffer.talktalk.net/sweex/clock/
Please don't publish stuff like this again.
Dr Dobbs been talking about this for years...
This shouldn't be news... go to Dr Dobb's and look up Ed Nisley's articles, you'll find a wealth of information there. He won't tell you specifics, but enough detail to get you seriously thinking...
Remote Attack is possible
Many large (especially financial) organizations have legacy hardware that needs to be maintained through hardware purchases from wherever they can - including eBay.
Just do your modifications and put it up for bid. You will find out where it is going through the purchase and there you have just put a backdoor into a nice target.
Re: Remote attack is possible
True, but I seriously doubt many spammers are considering this for a 'business plan'. Sell something on Ebay and even if you demand payment in cash you are traceable, since the payment has to go somewhere.