Why Fon should give up closing the Fonera and release an open device

This morning, opening up my feed reader, I discovered via Andrea Beggi that another German guy has found a way to get shell access to La Fonera, simply using a web browser.
Inspired by the famous, already patched code injection method through the FON "user zone" web interface, this new method uses the web GUI of the router.
Basically, it consists of creating two HTML pages on a local computer, one to inject the iptables rule and another to make La Fonera execute the code, and you instantly get shell access.
The link to the howto is here.
It's funny anyway that since La Fonera was released, the two exploits have been discovered by German people. It's funny because Martin elected Germans and Austrians as worthy people for the promise program.
But this is not what I intend to focus on today; my point now is a reflection on the need to close La Fonera hardware.
In my experience, I have seen that a hardware device succeeds the more tweakable and upgradable it is. There are many examples; the WRT54G is a good one, as FON used this device to start its business precisely because it is reflashable and adaptable. And perhaps Linksys was happy with the sales of this router through the FON channel too. Other examples could be satbox receivers, like the old Humax and, more recently, the German Dreambox.
What I mean is that perhaps leaving La Fonera open, and giving anybody with skills the freedom to reflash it, to enhance it and, why not, to correct bugs along with you, could be a great benefit for FON's business too.
In my view, FON has to be a real movement, with many ways to take part. One could become a fonero by sharing part of his Wi-Fi in the way most suitable to his wishes. I decided to become a fonero, for instance, by building a Linux router with ChilliSpot and the FON parameters, and my hotspot is surely 100 times more robust than a Fonera-driven one.

Think about it, fellows, and do not merely rush to release a new firmware to patch this new flaw.
