
Internet routers running Tomato are under attack by notorious crime gang - Chazprime
https://arstechnica.com/information-technology/2020/01/internet-routers-running-tomato-are-under-attack-by-notorious-crime-gang/
======
bediger4000
Including "running Tomato" is a great step. Too often, these warnings, which a
great deal of the time are only relevant to machines running Windows, do not
include "running X" in the title, so everyone, even those not running X, has
to read the article to ensure they're not vulnerable. I believe journalistic
integrity demands that the OS/App/whatever appear in the title.

------
h2odragon
... only vulnerable if the default has been changed to ALLOW remote
administration, and are using the default admin:admin or root:admin
credentials.

~~~
jandrese
How big a group of routers is this? How does one get smart enough to go into
the advanced options to enable remote administration, but not smart enough to
set the root password first?

I partially blame Tomato for this. It shouldn't allow you to enable remote
admin until you've changed the passwords.

~~~
eatmyshorts
Shodan returns some 5100 Tomato servers, with about 1500 running web services
(presumably the remote administration). I would bet that a fair number of
those 1500 servers (maybe 10%?) have the default password, but I'm not going
to check.

------
kazinator
Why/how would you be smart enough to run custom firmware on your router, but
not set your password, even while enabling remote administration?

(Are routers pre-loaded with Tomato being sold to naive people somewhere?)

