.

JetPack SSID and password

<<

TomTees

User avatar

Newbie
Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Mon Apr 01, 2013 1:50 pm

JetPack SSID and password

I am thinking of getting a Verizon 4G LTE 5510L JetPack.

From what I have been reading, the SSID and Password are available via the menus on the front of the device.

Isn't that horribly insecure?

Seems like having your Username and Password taped onto your laptop!!

Sincerely,


Tom
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Mon Apr 01, 2013 2:36 pm

Re: JetPack SSID and password

I've no experience of these devices, but out of curiosity I had a quick look. The User Guide would suggest that this can be turned off, although the default would seem to be on.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Apr 02, 2013 7:46 am

Re: JetPack SSID and password

I've not worked with them, either, and having not gone through their manuals or anything, I'd simply have to say that, if they're anything like any other wireless router vendor, while those may be 'default' settings, you're ALWAYS recommended to change them.

Its no more secure than some ISP's wireless routers, whose default wireless keys are the serial numbers taped to the devices.  Obviously NOT something you would want to leave at the default.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

TomTees

User avatar

Newbie
Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Tue Apr 02, 2013 1:03 pm

Re: JetPack SSID and password

hayabusa wrote:I've not worked with them, either, and having not gone through their manuals or anything, I'd simply have to say that, if they're anything like any other wireless router vendor, while those may be 'default' settings, you're ALWAYS recommended to change them.

Its no more secure than some ISP's wireless routers, whose default wireless keys are the serial numbers taped to the devices.  Obviously NOT something you would want to leave at the default.


I've never had wireless Internet before, so am kind of clueless on the topic.

What exactly is an SSID?

And why would I want to change or hide it?

Assuming things can be changed from the defaults, what exactly would you recommend as far as changing things?


Tom
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Apr 02, 2013 1:20 pm

Re: JetPack SSID and password

The SSID (Service set identification) is the name of your wireless network, e.g. "TomTees_WLAN". You can disable the broadcasting of the SSID, so that it's not that obvious for everyone that there is such a network available, but that's not a real protection, as it can still be detected.

I'm sure what hayabusa was referring to was more towards changing the default credentials and such. Also be sure to enable a strong encryption with a long passphrase (e.g. WPA2 Personal (PSK) + AES). I'd also recommend to disable WPS, if supported by the device (I didn't check its specifications).
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Apr 02, 2013 2:16 pm

Re: JetPack SSID and password

I've used other Verizon jet packs in the past. The screen turns off, and you have to go back through it. No the SSID and the Password for the network being accessible via the screen isn't really an issue with security. How else are you going to know how to connect to the device?

The bigger issue is leaving the device laying around where someone else can pick it up and start messing with it.

and of course Hyabusa's advice about making it harder to get into is useful.
OSWP, Sec+
<<

TomTees

User avatar

Newbie
Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Tue Apr 02, 2013 3:58 pm

Re: JetPack SSID and password

UNIX wrote:The SSID (Service set identification) is the name of your wireless network, e.g. "TomTees_WLAN".


So what is the advantage of creating a customized one (e.g. TomTees_WLAN) versus leaving the default?


You can disable the broadcasting of the SSID, so that it's not that obvious for everyone that there is such a network available, but that's not a real protection, as it can still be detected.


How would you do that?


I'm sure what hayabusa was referring to was more towards changing the default credentials and such. Also be sure to enable a strong encryption with a long passphrase (e.g. WPA2 Personal (PSK) + AES).


Dumb question, but since I have never owned a "Hot Spot" before, and am very clueless about anything mobile, where do you put the SSID and password?

Do you have to type those into the JetPack itself?  (And if so, how do you do that without a keyboard?!)

I guess I thought you logged in from your laptop or browser?

Also, what do you mean by "WPA2 Personal (PSK) + AES"?

I have heard that WPA2 is the strongest encryption method for mobile devices - and I assume I can select that in setting up the JetPack - but I don't understand the "PSK" and "AES" part...


I'd also recommend to disable WPS, if supported by the device (I didn't check its specifications).


I Googled that for the Verizon 5510L - which is the latest and greatest that I am thinking of getting - and didn't find any info on whatever that is.


Tom
<<

TomTees

User avatar

Newbie
Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Tue Apr 02, 2013 4:17 pm

Re: JetPack SSID and password

chrisj wrote:I've used other Verizon jet packs in the past. The screen turns off, and you have to go back through it. No the SSID and the Password for the network being accessible via the screen isn't really an issue with security. How else are you going to know how to connect to the device?


A few things...

First, I thought maybe you entered the SSID and Password from your laptop and/or browser...

Secondly, having access to the SSID and password on the device seems like a really poor design.  It would be like having your Username and Password on a file on your desktop!

If someone got a hold of my SSID and Passcode, then they would have access to my wireless connection, and from my understanding, that would mean they could easily hack my connection and my computer traffic, right?!


The bigger issue is leaving the device laying around where someone else can pick it up and start messing with it.


True, but let's be realistic...  I would buy one a JetPack because I am not in the security of my home.  (I doubt people pay the PREMIUM that Verizon charges for data usage to use a JetPack at home.)

My goal is to replace the need to drive around and find a restaurant with free wi-fi and to also avoid having to find motels with free wi-fi.

So the reality is that if I buy one of these, I will likely be using it at somewhere like Perkins or McDonalds or Joe's Diner.

And while I always use a cable on my laptop, I can't guarantee that I am always right by the side of my latop - or in this case JetPack.

What if that Bacon, Jalapeno, Onion, Tabasco, Double Cheeseburger with Chili Fries doesn't agree with me AGAIN - I gotta take my wife's advice and start cutting back!! - and I need to go take a quick c*** ?

Or, let's say I just go up to pay my bill, or get another Pepsi?

In such cases, it is conceivable that someone could quickly go onto my JetPack and find my SSID and Passcode, right?

If that is all you need to do, I think that is a stupid design!

But then again, maybe I'm not sure how the SSID and Passcode work?

The kids at Verizon that I spoke to on the phone made it sound like you type in the passcode either once and are done with things, or that you can type it in each time - I assumed into my browser - but that it wasn't sitting out in the open the device itself.  (How do other companies like AT&T or Sprint do this?)

Anyway, my main point is that while I would be careful with a JetPack, I can't guarantee I would have it in my hand 100% of the time...


and of course Hyabusa's advice about making it harder to get into is useful.


Oops, I'm sorry, which advice was that?


Tom
Last edited by TomTees on Tue Apr 02, 2013 4:23 pm, edited 1 time in total.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Apr 02, 2013 4:21 pm

Re: JetPack SSID and password

- Leaving the default SSID will often help someone to look up the default passwords, for given devices, thus, it's always better to change it.  (Not that there aren't other ways to find the device type and look for passwords, but why leave it easy for someone to find.)

- On a JetPack, I have no idea how to disable it, but most all vendors have a setting you can choose to enable / disable broadcasting the SSID.

- "Putting them in" - the ssid and password - are on the client side, so that a client knows how to connect to the device.

- as far as the varying encryption types, there are plenty of threads here on EH, as well as in a generic Google search, that I'll leave researching each, to you.  Suffice to say, if some device defaults to WEP, you're gonna want to change it...  ;)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Tue Apr 02, 2013 5:43 pm

Re: JetPack SSID and password

TomTees wrote:In such cases, it is conceivable that someone could quickly go onto my JetPack and find my SSID and Passcode, right?


It would seem so if the device wasn't configured to not display the Wi-Fi name (SSID) and password on the display (refer to page 19 of the user guide I posted earlier).
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

TomTees

User avatar

Newbie
Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Tue Apr 02, 2013 9:30 pm

Re: JetPack SSID and password

hayabusa wrote:- Leaving the default SSID will often help someone to look up the default passwords, for given devices, thus, it's always better to change it.  (Not that there aren't other ways to find the device type and look for passwords, but why leave it easy for someone to find.)


Okay.


- On a JetPack, I have no idea how to disable it, but most all vendors have a setting you can choose to enable / disable broadcasting the SSID.


Okay.


- "Putting them in" - the ssid and password - are on the client side, so that a client knows how to connect to the device.

- as far as the varying encryption types, there are plenty of threads here on EH, as well as in a generic Google search, that I'll leave researching each, to you.  Suffice to say, if some device defaults to WEP, you're gonna want to change it...  ;)


I have heard that "WPA2" is the best...

BTW, what do you recommend as far as choosing a Admin Password and Passcode?


Tom
<<

TomTees

User avatar

Newbie
Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Tue Apr 02, 2013 9:31 pm

Re: JetPack SSID and password

m0wgli wrote:
TomTees wrote:In such cases, it is conceivable that someone could quickly go onto my JetPack and find my SSID and Passcode, right?


It would seem so if the device wasn't configured to not display the Wi-Fi name (SSID) and password on the display (refer to page 19 of the user guide I posted earlier).


Okay, thanks for the reminder about the PDF link.


Tom
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed Apr 03, 2013 12:37 pm

Re: JetPack SSID and password

First, I thought maybe you entered the SSID and Password from your laptop and/or browser...

Secondly, having access to the SSID and password on the device seems like a really poor design


first: you do have to put it on your laptop when you connect. Your laptop's wifi client will just list everything it sees, and leaves it up to you to pick which one to use. The SSID of your Jetpack is how you know which one to use. Otherwise you might click a funky looking one, and get your soul uploaded to the data cloud.

second: where else would you put the information so it is semi-readily available? One picks up the device, turns it on, and scrolls through menues to get to the options to display what you need. It's better than putting the information on the bottom of the device with a sticker.

True, but let's be realistic...  I would buy one a JetPack because I am not in the security of my home.  (I doubt people pay the PREMIUM that Verizon charges for data usage to use a JetPack at home.)


Wireless in the home isn't safe. Look in to Hacking Wireless Exposed, or Wifu. There are people out there that lack ethics and do things because they can. That includes things like using neighbor's wifi if they can get on it.

And while I always use a cable on my laptop, I can't guarantee that I am always right by the side of my latop - or in this case JetPack.


O_o
I carry all of my tech in a backpack, or messenger bag. I never, NEVER, leave it un-attended. I only take out what I need. Usually the laptop. The jetpack, take it out start it up, confirm the laptop connects, and then put it back in the bag. If I need to move, for whatever reason, the laptop goes back in the bag and the bag goes with me. Even just to wee.

Operational Security: I expect a Bob (an attacker) to be where ever I am. I expect a Bob to have basic skills. Cable locks can be easily picked or bypassed, without destroying the cable, and done in such a way that most people wouldn't even realize a crime is going on. A box can quickly be rebooted, popped, and restarted after, in the time you're at the alter praying to Ralph. In some cases all that is needed is a micro USB nub. There have been flaws out there that allow bypass of lock screens.

Yeah, your stuff might still be there when you get back, but how do you know it hasn't been messed with.

HD Moore's China Laptop Adventure.
OSWP, Sec+
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Apr 03, 2013 2:42 pm

Re: JetPack SSID and password

chrisj wrote:O_o
I carry all of my tech in a backpack, or messenger bag. I never, NEVER, leave it un-attended. I only take out what I need. Usually the laptop. The jetpack, take it out start it up, confirm the laptop connects, and then put it back in the bag. If I need to move, for whatever reason, the laptop goes back in the bag and the bag goes with me. Even just to wee.


Yep. If I'm at a coffee shop and need to hit the restroom, I pack everything up and bring my bag with me. Everyone else probably thinks I need a porn break, but that's better than leaving my system unattended, even for a few minutes.
The day you stop learning is the day you start becoming obsolete.
<<

TomTees

User avatar

Newbie
Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Wed Apr 03, 2013 2:53 pm

Re: JetPack SSID and password

chrisj wrote:
First, I thought maybe you entered the SSID and Password from your laptop and/or browser...

Secondly, having access to the SSID and password on the device seems like a really poor design


first: you do have to put it on your laptop when you connect. Your laptop's wifi client will just list everything it sees, and leaves it up to you to pick which one to use. The SSID of your Jetpack is how you know which one to use. Otherwise you might click a funky looking one, and get your soul uploaded to the data cloud.

second: where else would you put the information so it is semi-readily available? One picks up the device, turns it on, and scrolls through menues to get to the options to display what you need. It's better than putting the information on the bottom of the device with a sticker.


I think there is still a disconnect here...

A couple people have said that your SSID and Password are displayed - in plain site - on your JetPack.  That would be like if your did Ctrl+Alt=Delete on a PC and it showed your Username and Password in broad daylight.  That would be insanely dumb.

From the link provided above, it seems like the Verizon Manual is saying what I just said is true, but that you can "hide" the SSID and Password so they are not shown in plain site on your JetPack.

Am I understanding that right?

Also, I am a bit confused about the SSID and Passcode's location...

I was under the impression that the JetPack just had an On-Off Button and some Buttons to show basic usage.

But if you wanted to Log-In and/or change any settings (e.g. # of Allowable Devices, Encryption Type, etc) that you had to go to your Computer/Laptop, access 192.168.1.1 on your browser, enter your SSID and Password, be authenticated, and THEN you could change settings?

Also, I thought you had to access your browser at 192.168.1.1 and log in from there every time you want to connect to the Internet via your JetPack?

(Sorry if all of this sounds dumb, but I've never owned such a device, and so it is hard to conceptualize how it works.)

However, I do not believe you ever log in from the JetPack itself, because there is no keypad to do that, right?


True, but let's be realistic...  I would buy one a JetPack because I am not in the security of my home.  (I doubt people pay the PREMIUM that Verizon charges for data usage to use a JetPack at home.)


Wireless in the home isn't safe. Look in to Hacking Wireless Exposed, or Wifu. There are people out there that lack ethics and do things because they can. That includes things like using neighbor's wifi if they can get on it.


I use wired DSL at home.


And while I always use a cable on my laptop, I can't guarantee that I am always right by the side of my latop - or in this case JetPack.


O_o
I carry all of my tech in a backpack, or messenger bag. I never, NEVER, leave it un-attended. I only take out what I need. Usually the laptop. The jetpack, take it out start it up, confirm the laptop connects, and then put it back in the bag. If I need to move, for whatever reason, the laptop goes back in the bag and the bag goes with me. Even just to wee.

Operational Security: I expect a Bob (an attacker) to be where ever I am. I expect a Bob to have basic skills. Cable locks can be easily picked or bypassed, without destroying the cable, and done in such a way that most people wouldn't even realize a crime is going on. A box can quickly be rebooted, popped, and restarted after, in the time you're at the alter praying to Ralph. In some cases all that is needed is a micro USB nub. There have been flaws out there that allow bypass of lock screens.


In the end you are correct, but o I have to live like I'm on a business trip in China everywhere I go?

If I am recording a radio show or a sporting event (e.g. College Basketball) and have to pee, does that mean I have to take 10 minutes shutting down, pack up like it's time to go home, go pee in McDonalds' bathroom, then return, take 15 minutes setting up, get back online, and now I've missed a quarter of the BB game????


Yeah, your stuff might still be there when you get back, but how do you know it hasn't been messed with.

HD Moore's China Laptop Adventure.


Scary article....


Tom
Next

Return to Wireless

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software