John McAfee claims 'every router in America has been compromised' by hackers and spies

[ABX]

It is interesting that one of the few people who would know more than anyone else chooses to use his phone's hotspot versus wifi router. A much higher level of encryption.

Technology pioneer John McAfee believes that every home internet router in America is wide open to cyberattacks by criminal hackers and intelligence agencies. He makes the claim speaking after revelations from WikiLeaks that the Central Intelligence Agency (CIA) targets the devices.

"I personally never connect to any WiFi system. I use the LTE system on my phone, I know that sounds crazy, but that's the only way I can be secure. Because every router in America has been compromised," he told Russian state news channel RT this week (20 June)......

http://www.ibtimes.co.uk/john-mcafee-claims-every-router-america-has-been-compromised-by-hackers-spies-1627222

[HonestJohn]

Only if one doesn't change the administrator's password to gain access to the router's settings.

Or if one makes that password short or easy to guess.

[BassWrangler]

This asshat read the article about the Linksys firmware having an NSA backdoor in it, and he's capitalizing on that to try and sound like a big expert. In reality, he's just some drug-addled fool trying to remain relevant.

[ABX]

This asshat read the article about the Linksys firmware having an NSA backdoor in it, and he's capitalizing on that to try and sound like a big expert. In reality, he's just some drug-addled fool trying to remain relevant.

That 'asshat' wrote the manual on network security and the first anti-virus software.

[EC]

Seems a sensible guy. Every router in America is compromised, so I, a tech guy with a lot of cutting edge tech guy contacts, am gonna depend on my phone full of Chinese firmware to connect to that self-same system in order to be "secure." 

I respect McAfee's work, but he's not exactly thought this through.

[driftdiver]

That 'asshat' wrote the manual on network security and the first anti-virus software.

25 years ago.  Today his product is bloatware and crap.

[240B]

Related - Midas Muffler CEO: Lawrence C. Day recently issued a warning that every muffler in America has been compromised.

[Taxcontrol]

Only if one doesn't change the administrator's password to gain access to the router's settings.

Or if one makes that password short or easy to guess.

8 character wifi passwords can be cracked in under 8 hours.

[driftdiver]

8 character wifi passwords can be cracked in under 8 hours.

New NIST recommendations on passwords.  Recommend phrases now.  The longer the better.

[Frank Cannon]

John McAfee claims 'every router in America has been compromised' by hackers and spies

He also claims he didn't kill his neighbor down in Belize.

[HonestJohn]

8 character wifi passwords can be cracked in under 8 hours.

I was thinking 32-character passwords. (even if it's a doubling of a 16-character password... just the fact that the password is so long makes it exponentially more difficult to crack)

[BassWrangler]

That 'asshat' wrote the manual on network security and the first anti-virus software.

He didn't write the manual on anything. He did write one of the first anti-virus scanners. Decades ago. Since then his use of home-cooked amphetamines have fried his brain.

@AbaraXas

[LateForLunch]

He didn't write the manual on anything. He did write one of the first anti-virus scanners. Decades ago. Since then his use of home-cooked amphetamines have fried his brain.

@AbaraXas

Yeah,
I read the full article on the anti-virus and his life since selling the rights. I got the impression that a good deal of the success of that product was good luck and great marketing skills. The man himself got into snorting bath salts as I recall which was when things started to head south for him. 'Not sure I'd take much he says seriously unless corroborated by someone who only uses bath salts externally.

[Wingnut]

Related - Midas Muffler CEO: Lawrence C. Day recently issued a warning that every muffler in America has been compromised.

http://www.youtube.com/watch?v=h542BUdACH4&ab_channel=robatsea2009
Put that in your tail pipe and smoke it.

[roamer_1]

8 character wifi passwords can be cracked in under 8 hours.

I believe that to be a straight dictionary hack, performed in low case only, and not caps/lows/nums/chars... I believe it also requires knowing where the internal gateway is, which may not be standard (mine certainly isn't).

And even if so, who has it out for you so bad that they are willing to spend 8 hrs hacking your wifi? Only for you to discover the wayward name in your dhcp table and reset your passwords again?

meh. Routers are pretty bulletproof. Change the access password, change the IP range, change the password to something relatively safe, and you're golden... Unless you are wanted by the FBI or you pissed off your hacker ex.

[Taxcontrol]

New NIST recommendations on passwords.  Recommend phrases now.  The longer the better.

Yep, I work in cyber security and use pass phases like:

Ilovetampabay
Mywifeissexy
MarlinsFever

etc but also do the standard transforms:
E is replaced with 3
I or L is replaced with 1 or !
O is replaced with 0
8 replaced with &
and others

[Taxcontrol]

I believe that to be a straight dictionary hack, performed in low case only, and not caps/lows/nums/chars... I believe it also requires knowing where the internal gateway is, which may not be standard (mine certainly isn't).

And even if so, who has it out for you so bad that they are willing to spend 8 hrs hacking your wifi? Only for you to discover the wayward name in your dhcp table and reset your passwords again?

meh. Routers are pretty bulletproof. Change the access password, change the IP range, change the password to something relatively safe, and you're golden... Unless you are wanted by the FBI or you pissed off your hacker ex.

Sorry that is incorrect.  It is a full alphanumeric 95 character set.
8 hours is done by a machine and can be done overnight
So set up a laptop, start recording the wifi traffic, force a station or two to reconnect, and in 4 hours you will have the wifi hash recorded.  Go back to the laptop, extract the wifi hash, pass to a cracker box (some are dedicated hardware, some can be ordered from the cloud).  Crack the password over night and come back the next morning with the password and you are on the wifi network.

Trust me, that is a standard penetration testing practice.  That is one of the tests that my team performs for banks and S&Ls

[roamer_1]

Trust me, that is a standard penetration testing practice.  That is one of the tests that my team performs for banks and S&Ls

then I stand corrected. But it still has no bearing upon joe six-pack. I am a tech and control many small networks, and I have never in my life seen a router hack that didn't initiate within the LAN, or by a vector initiated within the LAN.

[Weird Tolkienish Figure]

Sorry that is incorrect.  It is a full alphanumeric 95 character set.
8 hours is done by a machine and can be done overnight
So set up a laptop, start recording the wifi traffic, force a station or two to reconnect, and in 4 hours you will have the wifi hash recorded.  Go back to the laptop, extract the wifi hash, pass to a cracker box (some are dedicated hardware, some can be ordered from the cloud).  Crack the password over night and come back the next morning with the password and you are on the wifi network.

Trust me, that is a standard penetration testing practice.  That is one of the tests that my team performs for banks and S&Ls

Wep or wpa? Wep is a joke.

There's an industry standard for wpa, maybe wpa-radius 2, that is considered enterprise secure.

Even if you connect to the network, inter computer traffic (client to client) is usually verboten. Restricting all login access ports from wifi is pretty trivial (iow allow only wired clients to log in to router).

And of course, all security is relative and everything is crackable.