La Fonera hacked again

Once again Stefan and Michael exploited la fonera to get shell access , even on latest firmware release 0.7.1-2.

For the impatients just do the following

  1. connect to web interface of la fonera via “My place”
  2. change the dns to
  3. reboot la fonera
  4. enjoy your ssh access
  5. change the DNS entry to the one of your choice ( I suggest OpenDNS )

For all those who wants to go deeper , read directly on Stefan web site.

It’s chillispot.conf injection via fake radius server and DNS spoofing.

Congratulation guys , you’ve got talent !