Fonera phones home
Fonera starts a small script, thinclient, at every bootup and every hour. The thinclient connects via SSH to download.fon.com:1937 and sends its MAC addresses and version. It gets back a shell script, which is dropped at /tmp/.thinclient.sh. This shell script is then executed by the thinclient. Fon could put any code there and so has full control of La Fonera...
Normally the shell script contains harmless code:
rm -f /tmp/.thinclient.sh
exit
But you can configure La Fonera via the FON web page. You can change the WPA key of the private WLAN, change the admin password, and change the ESSIDs. If you do so, the script that is sent looks different.
Updating your ESSIDs:
# begin # setssidprivate
# NOTE(review): extraction fused the page heading "Updating your WPA key:" onto
# the marker line above; that heading belongs to the setwpapassword listing
# further down the page.
#
# Captured server-sent script, first section: rewrites the private ESSID in
# /etc/config/fon. YOURPRIVATEESSID is the author's placeholder for the value
# chosen on the FON web page.
# NOTE(review): the value arrives already substituted into a double-quoted shell
# word; how the server escapes shell metacharacters in it is not visible here.
#
# awk loads /usr/lib/webif/uci-update.awk and then a second program from stdin
# ("-f -"), which is the here-document below. read_file() and update_config()
# are presumably defined in uci-update.awk (not shown on this page).
# The result goes to a scratch file, not to the live config.
awk -v cfgfile="/etc/config/fon" -v "updatestr=private.essid=YOURPRIVATEESSID" -f /usr/lib/webif/uci-update.awk -f - > /etc/config/fon.new <<EOF
BEGIN {
cfg = read_file(cfgfile)
print update_config(cfg, updatestr)
}
EOF
# $? is awk's exit status: only a successful run replaces the live config.
if [ $? -eq 0 ]; then
mv /etc/config/fon.new /etc/config/fon
# presumably brings the lan interface up again so the new ESSID is applied
ifup lan
else
# awk failed: discard the scratch file and leave /etc/config/fon untouched
rm /etc/config/fon.new
fi
# NOTE(review): the end marker reads "set ssid fonera" although this section
# opened as setssidprivate; reproduced as it appears on the page.
# end # set ssid fonera
# begin # set ssid fonera
# Second section of the same captured script: rewrites the public ESSID in
# /etc/config/fon. YOURPUBLICESSID is the author's placeholder.
# Same pattern as the private section: awk runs uci-update.awk plus the
# here-document program read from stdin ("-f -") and writes to a scratch file.
awk -v cfgfile="/etc/config/fon" -v "updatestr=public.essid=YOURPUBLICESSID" -f /usr/lib/webif/uci-update.awk -f - > /etc/config/fon.new <<EOF
BEGIN {
cfg = read_file(cfgfile)
print update_config(cfg, updatestr)
}
EOF
# $? is awk's exit status: only a successful run replaces the live config.
if [ $? -eq 0 ]; then
mv /etc/config/fon.new /etc/config/fon
# Applies the new public ESSID to ath0 directly, with the fixed prefix "FON_".
# NOTE(review): the value is substituted server-side into a single-quoted word;
# how a quote character inside the value is handled is not visible here.
iwconfig ath0 essid FON_'YOURPUBLICESSID'
else
# awk failed: discard the scratch file and leave /etc/config/fon untouched
rm /etc/config/fon.new
fi
# end # set ssid fonera
# The script removes its own file (the path the thinclient dropped it at), so
# nothing remains in /tmp to show what was executed.
rm -f /tmp/.thinclient.sh
exit
# begin # setwpapassword
# Captured server-sent script: rewrites private.password (the WPA key of the
# private WLAN) in /etc/config/fon. YOURWPAPASSWORD is the author's placeholder.
# The passphrase is embedded in the script text itself, so it sits in clear
# text in /tmp/.thinclient.sh until the rm at the end of this script runs.
# NOTE(review): the value arrives already substituted into a double-quoted shell
# word; how the server escapes shell metacharacters in it is not visible here.
#
# awk loads /usr/lib/webif/uci-update.awk and then a second program from stdin
# ("-f -"), which is the here-document below. read_file() and update_config()
# are presumably defined in uci-update.awk (not shown on this page).
awk -v cfgfile="/etc/config/fon" -v "updatestr=private.password=YOURWPAPASSWORD" -f /usr/lib/webif/uci-update.awk -f - > /etc/config/fon.new <<EOF
BEGIN {
cfg = read_file(cfgfile)
print update_config(cfg, updatestr)
}
EOF
# $? is awk's exit status: only a successful run replaces the live config.
if [ $? -eq 0 ]; then
mv /etc/config/fon.new /etc/config/fon
# presumably brings the lan interface up again so the new key is applied
ifup lan
else
# awk failed: discard the scratch file and leave /etc/config/fon untouched
rm /etc/config/fon.new
fi
# end # setwpapassword
# The script removes its own file, which also removes the on-disk copy of the
# passphrase in /tmp and any record of what was executed.
rm -f /tmp/.thinclient.sh
exit