Infosec Story: My Close call!

My story begins at my day job, the company had some new equipment installed and so I received some training on it. The final part of the familiarization was what to do if you can fix it, at this point the instructor pointed out an eWON router:

eWON Controller 

“IT has said we can’t have it switched on all the time but if you get a failure we can dial in and check the systems remotely” I was immediately interested in this device, I could see it could log multiple devices, full I/O, Flash and full routing. It’s a remote fault finders dream! We weren’t given access to the device but I was extremely interested in its capabilities so like any skeleton worth his bone meal I headed to Shodan. Shodan is like a search engine but instead of pages, it looks for devices on the net.

A quick search later I found almost 4,000 devices, after accessing one of the many I found it to be password protected a few minutes later after finding the instruction manual I had the default user and pass and no surprise I was in.

The first thing I noticed was that I was the highest level user I could do just about anything to this device and like I had seen it had full I/O control over something complicated. None of that really concerned me I was only here for research of the device. Another thing that drew my attention was the file type:

 xxx.xxx.xxx.xxx/Ast/MainAst.shtm

I’d never seen .shtm before and thought it might be something I look at later.

After this, I narrowed my search to my home country thinking that I’d like to be sure nothing else belonging to my work had anything like this that had been left with default creds. 140 devices in the UK, I had a quick look at one of them, default creds again and found myself on a very different page:

At first glance I thought must be one of those domestic turbines. It’s a read-only page so perhaps I can forgive the default creds and a login box at the top that I thought would lead to the config pages but actually I found makes the slew rate and other settings changeable on this page. So is this a custom eWON designed just for this? No, The eWON has FTP and if you upload pages you can serve them on its inbuilt webserver as the default. So if you’re stuck on this page xxx.xxx.xxx.xxx/usr/xxxxx/index.shtm how could you then configure the device? The answer is by browsing the original page mentioned earlier. This would have been difficult to enumerate but I already knew this was the default, so I have full control.

Ok, that’s pretty cool I thought. I don’t even need to log in the read-only page because I could edit the I/O here. That’s about when I noticed the power output, at a glance had thought domestic kW but was in fact MW! I know electricity and that’s a lot of it! Glancing back at Shodan the organization the IP is registered too is actually a well-known energy provider, and they have at least 5 other sites with the same setup!

The scale of this was starting to hit home, I quickly checked the output of the other turbines, a total of 253MW across 5 sites and the final one was showing site number 113!?! I’ve never dealt in MW so I thought maybe it’s not as bad as I thought? Perhaps I’m over exaggerating this. Maths! Maths will save me from a panic attack!

Nope. I calculated with these 5 sites I had control of enough power for 6.5% of the homes in my country. 5 sites with a possibility of at least another 108? Thankfully, its a drop in the ocean if I include industrial usage but still a major concern. I’ve even worked out scenarios where you could do harm to the turbines probably disabling them.

Amazed at what I’ve found, I try to find security contacts at the company’s involved… Nothing. I send emails to customer support… Nothing! A day or so later the country has a massive power cut due to “unforeseen circumstances” I’m going to prison, aren’t I? As a last resort, I contacted the NCSC, pretty sure this isn’t what they are for but it’s national infrastructure and I want to go on record. Guess there is still a chance I could get taken in for this.

More details emerged about the “Unforeseen circumstances” and what I’d found was not involved, thankfully. All that panic was for nothing, but it really hit home the scale of what I’d found. The NCSC was extremely helpful, once again I’m sure this isn’t what they are here for but they did deal with it and even increased my Hackerone rep for the tip-off. 

At least 12 months have passed and to be honest, I had distanced myself from this incase something happened. Today I have checked all the addresses and can report that the message got through, all the sites are now properly password protected! Allowing me to finally talk about this out loud. 

Maono AU-PM422 USB Microphone

Maono AU-PM422 USB Microphone is another video on a USB condenser microphone but this one is packed to the brim with features. For starters, as I’ve said in previous video’s I prefer a mic that comes with a boom arm, this is handy for me as I like to keep the mic out of frame when I’m recording and it gives me a lot of flexibility to do so. Build quality is good very similar to the Tonor BM-700 with a slightly stronger desk mount.

The sound goes without say is very good as you can hear from the video but the real magic is located at the front of the mic where you find a mute button, gain nob and headphones input.

The mute button is touch with a red/green LED to show when you are live/muted this is a really handy feature for anyone who does live-streaming and though I had expected it too you don’t hear a big thud when you touch the button because it’s not tactile.

The Mic gain I thought at first I wouldn’t use because it can be adjusted on my PC so I didn’t see the need until I started to use the headphones and then it made sense. It’s not only adjusting the PC input it’s adjusting the gain sent to the headphones so it is very important in fact.

My favourite part that I had not realised when I ordered this microphone is the way the headphones work, I assumed it was just a Microphone monitor which in itself is a handy feature, but in fact, because this microphone has basically got a sound card built in your PC can use it as such… I’ll explain, so you can make your PC choose the microphone not only as input but output too, allowing us to hear ourselves on the mic and whatever noises on the desktop so if for instance you were gaming you could hear that as well and these volumes can be adjusted in you PC settings as you normally would!

Overall extremely impressed by the Maono AU-PM422 USB Microphone and how now become my new default microphone so hopefully, you’ve subscribed to our Youtube channel so you’ll be hearing a lot more from it!

Sparrows Euro Drivers Cam Turners

I bought these Sparrows Euro Drivers Cam Turners a few months back and honestly, wasn’t expecting them to work on most locks but was pleasantly surprised. Where I work a lot of the locked doors are also fire exits so they tend to have thumb turns on a lot of the doors and for me, 90% of them are vulnerable to this little tool.

Generally, the ones that I’ve failed to use this tool on are a very high grade and tend to have anti-drill and snap features too so its to be expected at that level I’d like to think. That said all of the locks in the video are 6 pins with security pins inside so it’s not like they are low grade.

It did take me a few attempts to get the hang of this tool, as I show in the video placement of the tool and adding a bit of downward tension whilst turning is key to getting it to work. Once you get the hang of it it’s extremely quick and easy to use!

Getting started with OpenWrt

https://youtu.be/uhJF0XmVhME

We’ve created a lot of videos on installing OpenWrt and never really touched the subject of what to do after. OpenWrt can be a bit of a beast when you first get to grips with it because it’s so “Open” (Excuse the pun!) it has so many setting it can seem very overwhelming so we wanted to start to tackle some of the first steps to make it a bit easier for newcomers.

Before I start the video is assuming you have Luci installed which is the name for the OpenWrt’s web interface. If you haven’t when you go to 192.168.1.1 you won’t you will get an error. To fix this use these commands on any OS:

ssh [email protected]

(When asked type yes)

opkg update

opkg install luci

reboot

After that, you should be able to log in, also as I mentioned in the video you may need to clear your cache if you have problems logging in.

We hope to make this into a bit of a series to try to cover all the basics of setting up your OpenWrt router so if you have suggestions of things you want us to cover in the next videos leave us a comment and we will try to make for you!

Uhuru UCM 11PL Shotgun Microphone Kit

This is the second Microphone we have made a video on from Uhuru, another reasonably priced Microphone on Amazon. The Uhuru UMC 11PL is a kit of quite a few tools, in fact, most of the things you need to get started as a Youtuber or Vlogger. It hosts:

  • Shotgun Microphone
  • LED Light
  • Phone Holder
  • Tripod/Gimbal

The shotgun microphone is impressive, especially when using something decent to record with, in the video I made sure not to do any post-processing to the audio recorded on my phone to give you the out of the box sound, but in dubbing, you can really hear this can be an excellent microphone with a little tweaking If you want to know what settings I used for this its the same as I used in the UM910 video.

LED Light is bright, to say the least! You would never need this at 100% for face shots but it may be very useful if you’re trying to picture or video objects to flood the area with light. requires 2x AA batteries.

The phone holder is nothing special, but it serves the purpose. It opens to about 10cm I can’t think of a phone that’s bigger than that.

Tripod/Gimbal is made of plastic but is actually very robust as an engineer I can see they have added strengthening bars in the legs to make it stronger. Gimbal has a lot of motion and all can be locked in place with thumbscrews.

Probably the best part is that it all uses standard fixings, so as you upgrade you can swap out the phone bracket for your camera. As you can see the microphone plugs in via standard means for most cameras (check yours has an input!), the H mounts for the Light and mic are standard for cameras and so is the tripod mount!

Netgear GS110TP Hidden CLI

This was a quick video, I just really wanted to show everyone what i had learned about the Netgear GS110TP and how you could get to the command-line interface (CLI) even though its an unadvertised or hidden feature. As I say in the video I stumbled upon the port while conducting a routine port scan of my network and wanted to learn more. I found a blog post that gave me all the info I needed to access the CLI so I decided to make this quick video to show the steps involved. Enjoy!

Uhuru UM910 microphone review – unbox, setup and demo

The Uhuru UM-910 is another reasonably priced microphone like the Tonor video we did recently, however, this one is USB. The benefits of USB vs XLR is that you don’t need to worry about fancy audio set up to power it, it just runs straight out of the box.

The mic has a decent build quality, its heavy which is always a good sign. It has a nice matt black exterior and all the parts seem to be strong and robust. The base plate is particularly heavy, you’re unlikely to knock this over by accident. The Upright has 2 threads so will fit most standard microphone holders:

The sound of the microphone is very good for the price, it captures a lot of the bass in my voice that most microphones miss. I did have to put the volume up quite high to get a good sound but that’s common for USB condenser mics and I still had room to put it higher to past the cutting point. All in all a great mic for the money!

If you have any question, would like to see more tests or perhaps a comparison to other microphones please leave a comment.