







 Hacking the FON WiFi Router 
Author Message
Site Admin

Joined: Mon Oct 31, 2005 10:26 am
Posts: 1064
Location: Chicago
Post 
Brownjl01 wrote:
Dr N... I would suggest going the web interface route if you just want it up and running, I went the serial route because I hadn't played around with hardware hacking in a bit... slacking off I am. :D


How did you go about hacking it via the serial connection? I've looked at a few things online and it looks like I'll have to pick up a max232 chip if I want to give it a go. Any tips/pointers from your experience?

_________________
Stop by the Geek Republic Chat Room

The Dr's Office - My ever so slow to update blog


Thu Feb 15, 2007 9:56 am

Joined: Thu Oct 27, 2005 11:01 am
Posts: 1472
Location: New Orleans, LA
Post 
Sweet, mine arrived yesterday as well.

I will probably be going the route of adding a serial port to the device. I fully intend to fully document my experience.

Thu Feb 15, 2007 11:22 am

Joined: Sat Oct 29, 2005 4:27 pm
Posts: 392
Location: Cleveland, Ohio, USA
Post 
For those going the serial route, you can get the max232 chips for free from Maxim IC. Maxim gives out free samples of essentially every chip they stock. You can get up to about 5 of each chip at a time. The best part is shipping is free as well. So order up your free samples from Maxim, making this project entirely free!!!

Thu Feb 15, 2007 12:05 pm
Site Admin

Joined: Mon Oct 31, 2005 10:26 am
Posts: 1064
Location: Chicago
Post 
goliathdrakken wrote:
For those going the serial route, you can get the max232 chips for free from Maxim IC. Maxim gives out free samples of essentially every chip they stock. You can get up to about 5 of each chip at a time. The best part is shipping is free as well. So order up your free samples from Maxim, making this project entirely free!!!


You, goliath, are the man!

Thu Feb 15, 2007 12:20 pm
Post 
What exactly will you be able to do with a serial port?


Thu Feb 15, 2007 9:02 pm

Joined: Tue Jan 17, 2006 11:17 pm
Posts: 1478
Location: somewhereville, usa
Post 
Hrmm, the one html method we were talking about is not working for me, did it work for someone else?

_________________
"My snorkle! My snorkle! Judge won't like it if I don't have my snorkle! You PLANT it... Don't want baby snorkles."


Thu Feb 15, 2007 9:33 pm
Site Admin

Joined: Mon Oct 31, 2005 10:26 am
Posts: 1064
Location: Chicago
Post 
When you go to the main admin page of the Fonera, what firmware version does it state is installed?

Fri Feb 16, 2007 7:14 am

Joined: Tue Jan 17, 2006 11:17 pm
Posts: 1478
Location: somewhereville, usa
Post 
7.0 r4
It's now hacked with a different method I found.
BTW, the Google search 'fon' and 'hack' shows us as second.... is that a good thing? (or it did for a while there)

Fri Feb 16, 2007 8:58 am

Joined: Sat Jan 21, 2006 1:59 pm
Posts: 1490
Post Fonera Security
Scenario 1: Spying on users

Any person having a fonera access point can spy on users accessing the internet through their fonera.

This could be done by hacking into the fonera via the web interface (which is a 5 minute project), or via a serial cable from the computer (need to open the box and connect a few cables), and then changing the configuration of the fonera. The new configuration could store traffic information of users, like who they e-mail, what they write, where they surf, the password of their banking site, dating site credentials, phone numbers called with VoIP phones, etc. This information could instantly be forwarded anywhere in the world.

Even if Fon, unlikely as it seems, would be able to end physical and logical access to foneras, this scenario is still possible. If I surfed through your broad-band connection, you could always use your own computer to eavesdrop on my communications using special software (available for free on the web).

Skype calls might be difficult to decrypt, but ordinary VoIP phone calls can be replayed easily. If I were surfing through your fonera, you could be listening to the sound of my conversation.


Scenario 2: Threats, violating intellectual property rights and computer intrusions in your name

Also, the Fon design already gives members a list of who has accessed their fonera at which time. This of course might come in handy if the legal authorities knock on your door and want to prosecute you for file-sharing or computer intrusion conducted by one of the guests. This is problematic. You let someone you do not know use an internet connection you have bought under a certain agreement with your ISP. How can you know that the person visiting your connection does not violate this agreement by doing stupid things in your name (because for your ISP, it is in your name, using the IP you have been given from them for that moment)?

With the Fon network available, do you think any hacker will ever use their own internet connection? Where can you, unidentified and anonymously, get unlimited access to the net to spam, hack, etc.? Through Fon. Yes, “all users are registered”, but with true information? In addition, a hacker could first eavesdrop on their own fonera for your fonera password and ID, and use this instead of their own. The list goes on.


Scenario 3: Others spying on you through your fonera?

Is it possible for others to spy on you through your fonera access point? Yes, of course. There are many ways this can be done:

- Fon have full access to the fonera, which is essentially a Linux computer on your network. They could potentially load a new configuration which dumps all the Internet traffic on your local network with free tools available on the web. But why would they?

- In fact, la fonera is the perfect spy hardware – small like a pack of cigarettes, wireless radio, network card. If you find one installed on your corporate network, you’d better check the software it's running – it might very well be recording everything and relaying it to a competitor!

- Given the current security vulnerabilities of the fonera, a hacker might not hack into their own box to spy on you. The hacker might just as well hack into your box to spy on you. How could the hacker find you? Fon Maps. With addresses and everything. So if you handle confidential information at all, or if you like your private life totally private, take care. But how can the hacker access my fonera? Radio, remember? It is a wireless access point. It is exactly as easy for me to change the configuration of my box as it is for me to change the configuration of your box. This might even be done by mistake given many access points with the same identity close to each other in cities. “Hacking” into your fonera can be done from outside your house with an ordinary laptop using only Internet Explorer. Then all traffic can be dumped and forwarded to the hacker who can potentially visually look at each email sent and received, listen in on the VoIP phone conversations, surf over your shoulder with you.

It is likely that this scenario will be made more difficult in the near future, since foneras can be patched for security problems from the Fon website. However, security vulnerabilities tend to be found regularly... so it is the traditional race between hackers and security pros.


Scenario 4: “La Wormera” – the Fon worm

It is not unlikely that soon, access points will be able to reach each other via radio – they are wireless access points. Already, some look like they could have radio contact with each other. So let’s consider this: Is it at all possible that a worm could spread through radio from one fonera to another? Yes. If a hacker hacks into his fonera, and adds the functionality that automates the web interface access hack (originally described by Kebe and Tomanek), or any other hack that enables full logical access through accessing the fonera via the wireless interface, the hacker could potentially automatically take command over all foneras within radio range. Then the neighbouring fonera could take over its next neighbour, and so on. After some time, all access points in the city centre could be controlled by one hacker. Let’s say the hacker would not do anything, except changing a few lines telling the fonera where to download new software. Instead of getting new updates from Fon, all foneras would one day fetch any software of the hacker’s choice from a server controlled by the hacker. In this way, the hacker could, months after the attack, and within a few minutes take command and direct thousands of devices!

What is the worst thing that could happen? A large scale denial of service attack against the Internet? Denial-of-service against any chosen target? Spamming en masse? Eavesdropping on any communication passing through the access points? Eavesdropping on any wireless traffic in the city centre? Creating a huge grid of massive computing power and the broadest broadband ever seen?

All of the above. All of these things are possible.

link


Fri Feb 16, 2007 9:43 am

Joined: Thu Jan 18, 2007 2:48 am
Posts: 178
Location: Ashtabula, Ohio
Post 
Well, Dr N...

I WAS going to help you out... but it seems that everyone beat me to it... :D All I can tell you is that when you cut out the hole to put the DB9 connector in the side... use a dremel that has static rpm settings or be extremely careful to keep your speed low as you don't want to actually melt the plastic as you cut through it (you'll take the chance of ruining the hole, and will ruin the dremel bit by getting melted plastic on it), and use a medium grit blade (to have a balance of not melting the plastic and making a neat hole) and be careful when you solder - make the beads of solder on the board neat (I'm not used to soldering on small boards like that - I'm used to soldering on bread boards and I shorted out the connection and had to get my friend to desolder and resolder my connections on the board)... hope this helps... I couldn't find the resource that I used to make mine, but I found an extremely good one here - http://sodoityourself.com/accessing-serial-console-on-the-fon
It's actually more concise and has better pictures than the one I used.

Happy Hacking!! ... let me know if you need anything more.

_________________
In all large corporations, there is a pervasive fear that someone, somewhere is having fun with a computer on company time. Networks help alleviate that fear.
-John C. Dvorak

DiggThis-09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c0


Fri Feb 16, 2007 2:48 pm
Site Admin

Joined: Mon Oct 31, 2005 10:26 am
Posts: 1064
Location: Chicago
Post 
Thanks for your help, Brownjl01! I will probably order some parts over the next week or so to get this done.

Fri Feb 16, 2007 3:17 pm

Joined: Thu Jan 18, 2007 2:48 am
Posts: 178
Location: Ashtabula, Ohio
Post 
Not a problem... let us know how it turns out...

Fri Feb 16, 2007 4:26 pm

Joined: Sat Oct 29, 2005 4:27 pm
Posts: 392
Location: Cleveland, Ohio, USA
Post 
Mine arrived today, I just started hacking it a while ago. So far I've erased the current firmware and am in the process of reflashing it with dd-wrt. I'll let you all know how it turns out.

Fri Feb 16, 2007 5:41 pm

Joined: Fri Dec 02, 2005 7:00 pm
Posts: 2187
Location: Sac town
Post 
So if I set up the box (through fon), then I can't be hacked right?


Fri Feb 16, 2007 6:43 pm

Joined: Sat Oct 29, 2005 4:27 pm
Posts: 392
Location: Cleveland, Ohio, USA
Post 
mastershake916 wrote:
So if I set up the box (through fon), then I can't be hacked right?


It depends on what updates it downloads. There are several different ways to enable SSH. The easiest ways require earlier firmware versions, so if the unit updates it makes it more difficult to enable SSH.

An update on my hack: Well, dd-wrt is fully loaded on the fon access point. After screwing around with settings for a while, it no longer likes me. I have several routers and firewalls on my network so getting the settings just right takes some time. Apparently the last settings I saved it doesn't like. I can no longer access the admin page through the IP I assigned it, so I think I may have to reset the nvram.

For those interested, I used the following tutorial to hack my fon access point. It was very easy to do, and best of all it doesn't require opening it up and adding a rs232 port:
http://www.dd-wrt.com/wiki/index.php/La_Fonera_Flashing

Fri Feb 16, 2007 7:13 pm