Lek gave access to routers of millions of Germans
German developer Alexander Graf found passwords in the memory of his own router. These gave access to the maintenance network of Vodafone subsidiary Kabel Deutschland. This allowed him to look around unhindered on the routers of 2.8 million Germans.
Alexander Graf discovered the vulnerability when he searched his own router for the credentials for his VoIP access, which he wanted to use to connect his own hardware. He found a clogged network connection called wan0, which turned out to be part of the German provider’s maintenance network. Through this network he was able to access the routers of 2.8 million other users via telnet and later via ssh. The access passwords of these routers were partly stored in plaintext in the memory of its own router. These were the same for all devices.
He was then able to run arbitrary code on the routers with root access. As a result, he could also find out the passwords of other users and use their connection and make calls at their expense. He decided to inform the provider and it responded within a month saying that it had isolated the users on the maintenance network from each other. According to the Heise site, the leak could have existed for ten years. Graf will present his findings next week at the 32nd Chaos Communication Congress in Hamburg.