Old 05-14-2022, 11:38 AM   #71
Senior Member
 
redbaron73's Avatar
 
Newmar Owners Club
Freightliner Owners Club
Join Date: Jun 2011
Location: Texas
Posts: 5,862
Blog Entries: 4
ddns...used to take the serial number of the WFR end user device and assign it an easy to locate name always updated with your current Internet connection.

Have you been able to determine if this can be disabled in the UI?
__________________
2022 London Aire 4551 * 2022 GD Imagine 2800BH * 2021 RAM 3500 DRW * 2020 Wrangler
NHSO (Newmar Hoot, Sevierville Original)
Kindness Matters
redbaron73 is offline   Reply With Quote

Old 05-14-2022, 11:41 AM   #72
Tech Aficionado
 
Suburbazine's Avatar


 
Join Date: Jul 2021
Location: Pigeon Forge, TN
Posts: 258
Quote:
Originally Posted by redbaron73 View Post
ddns...used to take the serial number of the WFR end user device and assign it an easy to locate name always updated with your current Internet connection.

Have you been able to determine if this can be disabled in the UI?

According to RVWifiGuru it is disabled by the "Sync Data" radio button, except in this case it doesn't seem to do so correctly. Maybe has something to do with the perpetual flipflopping of the UI every reboot.


Maybe WFR has a backup config that runs after device crashes as a safe mode feature?
__________________
2021 Newmar Super Star 4051, Glacier Interior + Exterior
2021 Bravo Silver Star 24'
2015 Genesis G80 Ultimate, Caspian Black
Suburbazine is offline   Reply With Quote
Old 05-14-2022, 11:50 AM   #73
Senior Member
 
redbaron73's Avatar
 
Newmar Owners Club
Freightliner Owners Club
Join Date: Jun 2011
Location: Texas
Posts: 5,862
Blog Entries: 4
Quote:
Originally Posted by Suburbazine View Post
According to RVWifiGuru it is disabled by the "Sync Data" radio button, except in this case it doesn't seem to do so correctly. Maybe has something to do with the perpetual flipflopping of the UI every reboot.


Maybe WFR has a backup config that runs after device crashes as a safe mode feature?

So after "securing" the device, and doing a reboot thru the UI, does it come back as secure or insecure?
__________________
2022 London Aire 4551 * 2022 GD Imagine 2800BH * 2021 RAM 3500 DRW * 2020 Wrangler
NHSO (Newmar Hoot, Sevierville Original)
Kindness Matters
redbaron73 is offline   Reply With Quote
Old 05-14-2022, 12:16 PM   #74
Tech Aficionado
 
Suburbazine's Avatar


 
Join Date: Jul 2021
Location: Pigeon Forge, TN
Posts: 258
Quote:
Originally Posted by redbaron73 View Post
So after "securing" the device, and doing a reboot thru the UI, does it come back as secure or insecure?

It still shows connections to admin and auth even with the button toggled, saved and rebooted. But the device is hanging or crashing frequently when these settings are changed so I'm not sure if the UI is actually in sync with the config file or not.
__________________
2021 Newmar Super Star 4051, Glacier Interior + Exterior
2021 Bravo Silver Star 24'
2015 Genesis G80 Ultimate, Caspian Black
Suburbazine is offline   Reply With Quote
Old 05-14-2022, 12:31 PM   #75
Senior Member
 
redbaron73's Avatar
 
Newmar Owners Club
Freightliner Owners Club
Join Date: Jun 2011
Location: Texas
Posts: 5,862
Blog Entries: 4
Most likely a bug in WFR's rush to push out something to address the security concerns we have raised.

I suspect that a new firmware will be released.
__________________
2022 London Aire 4551 * 2022 GD Imagine 2800BH * 2021 RAM 3500 DRW * 2020 Wrangler
NHSO (Newmar Hoot, Sevierville Original)
Kindness Matters
redbaron73 is offline   Reply With Quote
Old 05-14-2022, 01:38 PM   #76
Senior Member
 
GUS2000's Avatar


 
Newmar Owners Club
Freightliner Owners Club
LA Gulf Coast Campers
Join Date: May 2018
Location: Lafayette, LA
Posts: 371
Great work on this guys..very informative and very scary at the same time..
__________________
GUS2000
2021 Newmar Superstar 4051/Blue Ox Apollo
2017 Ford Explorer/2018 Ford SuperDuty/M&G Braking System
HAM - K5OJT - Yaesu 991A
GUS2000 is offline   Reply With Quote
Old 05-14-2022, 01:47 PM   #77
Junior Member
 
Join Date: Apr 2021
Posts: 22
Quote:
Originally Posted by Suburbazine View Post
According to RVWifiGuru it is disabled by the "Sync Data" radio button, except in this case it doesn't seem to do so correctly. Maybe has something to do with the perpetual flipflopping of the UI every reboot.


Maybe WFR has a backup config that runs after device crashes as a safe mode feature?



About 6 months ago my Everest had a corrupt boot partition and went into a safe mode (it broadcast a special SSID in that state as well) that had a minimal config to allow you to get back online. In that state the WiFi Ranger ID went to a default 5000 instead of my original ID. Once back online I clicked update firmware, which then pulled down a new default boot image, and it put my original wfr ID that it shipped with back on the system. So yes, that would indicate some sort of backup does exist in the event it goes into safe mode.
__________________
Jason D
1999 Monaco Diplomat 38a Cummins ISB 275 5.9L
jasondietz is offline   Reply With Quote
Old 05-14-2022, 02:17 PM   #78
Junior Member
 
Join Date: Apr 2021
Posts: 22
Quote:
Originally Posted by redbaron73 View Post
I have taken the capture that was performed after the security profile was applied and uploaded to a public report server. Use this link to view what data the WifiRanger is sending with no clients behind it.


https://apackets.com/pcaps?pcap=82fd...ng&view=charts


If you look at DNS, look how many times it tries to phone home to networks such as:

admin.wifiranger.com
www.whytemesh.com

These are both domains operated by Wifi Ranger/Winegard.

It gets even worse -- there is active data being sent to both:

GET /success_204.php HTTP/1.1
Host: www.whytemesh.com
Accept: */*

POST /shaper_post.php HTTP/1.1
Host: admin.wifiranger.com
Accept: */*
Accept-Encoding: identity
Connection: Keep-Alive
Content-Length: 129
Content-Type: application/x-www-form-urlencoded

This is a big deal above---actual log data is still being sent to wifiranger even after they claimed to disable it.



Even with sync off and remote-admin disabled via the profile, the wfr still needs to determine if it's online or not so it knows if it's connected. Features like multi-wan, failover and admin page redirect would not work without making that determination. It would also be nice to have that "am I online" check be a field that could possibly be a customer-supplied URL in the event a superuser wanted to change that for security reasons. Having it check a wfr URL though makes sense from a support/reliability standpoint.


I would certainly like a wfr representative or Joel to weigh in on that though, that would go a long way to alleviating some of the community's concerns and assumptions in the absence of any documentation.
__________________
Jason D
1999 Monaco Diplomat 38a Cummins ISB 275 5.9L
jasondietz is offline   Reply With Quote
Old 05-14-2022, 02:53 PM   #79
Tech Aficionado
 
Suburbazine's Avatar


 
Join Date: Jul 2021
Location: Pigeon Forge, TN
Posts: 258
So after digging on the rogue Android device, I have learned that I have a compromised Skylight picture frame. It is able to automatically connect to nearby 2Ghz networks using weak passwords at minimum. I'm guessing "temppass" is in that list as well as dumb ones like "password". The frame indicates on its screen that no network connection is available (that's a lie, it connects autonomously).

This device does hit Adups when it connects, so most likely the Denali was being victimized by the malware connecting to it right when it finished starting up and was initiating an internet connection.

Further testing has not shown the Adups connection from the Denali despite multiple waits and reboots.
__________________
2021 Newmar Super Star 4051, Glacier Interior + Exterior
2021 Bravo Silver Star 24'
2015 Genesis G80 Ultimate, Caspian Black
Suburbazine is offline   Reply With Quote
Old 05-14-2022, 03:02 PM   #80
Senior Member
 
redbaron73's Avatar
 
Newmar Owners Club
Freightliner Owners Club
Join Date: Jun 2011
Location: Texas
Posts: 5,862
Blog Entries: 4
UPDATE -- WIFI RANGER CAUGHT LEAKING PRIVATE INFORMATION 5/14/2022

We have just proven another claim by Winegard WIFI Ranger as an inaccurate statement.

The claim regarding shaper post was stated here:
Quote:
I think others have already posted what shaper post is. It is part of the keep alives that tell the WiFiRanger it is online and how so it can re-route traffic on a failover. Nothing nefarious about it. Admin.wifiranger.com is the server that responds, to avoid beating up public servers, creating a denial of service block by them. This is not that complicated.

Jason & I both said we did not believe that to be true. Today the data leak was captured live while it was happening.

I am not posting this particular packet capture, as our methods are being altered to avoid detection by WFR. We suspect that WFR is working to block our efforts in real time as this information is very damaging.

Here is a screenshot of the data capture:
[Image: Screenshot 2022-05-14 155541.png]

The data I blocked out is time stamp data that WFR could use to determine the device that is being used for this investigation, as well as the MAC address of that device.

For those that are not geeks--a device MAC address is the equivalent of your social security number. It is unique to you and cannot normally be changed.

It is very wrong for this data to be collected as this is the equivalent of a location tracker that could be used to target an individual's location, and all internet activity this person does.

It is very valuable information to be collected. If this was the EU the individuals running WFR would be in jail.

Any media outlets that would like to run this story should send me a PM and we will provide full details for audit purposes.

I suggest that everyone spread the word to stop using this device. Your personal safety could easily be at risk, and your personal data is definitely at risk.

You are being tracked, and I call that nefarious.

[Image: Screenshot 2022-05-14 155157.png]
__________________
2022 London Aire 4551 * 2022 GD Imagine 2800BH * 2021 RAM 3500 DRW * 2020 Wrangler
NHSO (Newmar Hoot, Sevierville Original)
Kindness Matters
redbaron73 is offline   Reply With Quote
Old 05-14-2022, 03:07 PM   #81
Junior Member
 
Join Date: Apr 2021
Posts: 22
Quote:
Originally Posted by Suburbazine View Post
So after digging on the rogue Android device, I have learned that I have a compromised Skylight picture frame. It is able to automatically connect to nearby 2Ghz networks using weak passwords at minimum. I'm guessing "temppass" is in that list as well as dumb ones like "password". The frame indicates on its screen that no network connection is available (that's a lie, it connects autonomously).

This device does hit Adups when it connects, so most likely the Denali was being victimized by the malware connecting to it right when it finished starting up and was initiating an internet connection.

Ah that's good to know you found the culprit and helps explain the concerning datapoints you mentioned.


That leaves NTP pool, Speedtest and the "am I online" check back to admin.wifiranger.com/www.whytemesh.com as the only outstanding concerns right Suburbazine? All of which are extremely valid points.
__________________
Jason D
1999 Monaco Diplomat 38a Cummins ISB 275 5.9L
jasondietz is offline   Reply With Quote
Old 05-14-2022, 03:10 PM   #82
Senior Member
 
redbaron73's Avatar
 
Newmar Owners Club
Freightliner Owners Club
Join Date: Jun 2011
Location: Texas
Posts: 5,862
Blog Entries: 4
Quote:
Originally Posted by jasondietz View Post
Ah that's good to know you found the culprit and helps explain the concerning datapoints you mentioned.


That leaves NTP pool, Speedtest and the "am I online" check back to admin.wifiranger.com/www.whytemesh.com as the only outstanding concerns right Suburbazine? All of which are extremely valid points.

The biggest of which is in the above post--where MAC addresses are being logged along with geolocation information.
__________________
2022 London Aire 4551 * 2022 GD Imagine 2800BH * 2021 RAM 3500 DRW * 2020 Wrangler
NHSO (Newmar Hoot, Sevierville Original)
Kindness Matters
redbaron73 is offline   Reply With Quote
Old 05-14-2022, 04:30 PM   #83
Tech Aficionado
 
Suburbazine's Avatar


 
Join Date: Jul 2021
Location: Pigeon Forge, TN
Posts: 258
I'm not certain that the exposed traffic is geolocation data- I don't even have the GPS antenna (part of the Quectel) installed. The opening bit of data is definitely the MAC address stickered to the WAN port of the device, which is odd because the connected MAC is actually the Wifi not the Ethernet. The following data I'm not so sure about, extensive testing shows that it varies quite a lot between POSTs. It may still be telemetry of some sort, perhaps device state or performance metrics? It's a tiny amount of data though. The data line also includes the current firmware version.



The Denali pulls NTP time ridiculously frequently from multiple sources, like it's scared the internal clock is not reliable. With failover and load balancing disabled and only one possible connection route, I don't see why it needs to check upstream availability at a rate of once a second. It's practically hammering whytemesh with pings.
__________________
2021 Newmar Super Star 4051, Glacier Interior + Exterior
2021 Bravo Silver Star 24'
2015 Genesis G80 Ultimate, Caspian Black
Suburbazine is offline   Reply With Quote
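
Added example, not part of any poster's message or capture: a Python check for the two observations discussed in posts #78 and #83, namely how often the router contacts each host and path, and whether a MAC-like identifier repeats in POST bodies. Only the hostnames and paths come from the thread; the records, the body layout, the MAC value and the `fw` field are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed records (seconds, method, host, path, body). Hosts and paths are the
# ones quoted in the thread; the body layout, MAC and "fw" value are invented.
SAMPLE = [
    (0.0, "GET", "www.whytemesh.com", "/success_204.php", ""),
    (1.0, "GET", "www.whytemesh.com", "/success_204.php", ""),
    (2.0, "GET", "www.whytemesh.com", "/success_204.php", ""),
    (3.5, "POST", "admin.wifiranger.com", "/shaper_post.php",
     "id=00%3A11%3A22%3AAA%3ABB%3ACC&fw=x.y.z&d=17"),
    (63.5, "POST", "admin.wifiranger.com", "/shaper_post.php",
     "id=00%3A11%3A22%3AAA%3ABB%3ACC&fw=x.y.z&d=42"),
]

# Six hex octets separated by ':' or '-', not embedded in a longer hex run.
MAC_RE = re.compile(r"(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}(?![0-9A-Fa-f])")

def find_macs(body):
    """MAC-like strings in a form body, URL-decoded first (%3A -> ':'), normalised."""
    return sorted({m.upper().replace("-", ":") for m in MAC_RE.findall(unquote_plus(body))})

def summarize(records):
    """Per (host, path): request count, mean gap in seconds, MACs seen in bodies."""
    times, macs = defaultdict(list), defaultdict(set)
    for ts, _method, host, path, body in records:
        times[(host, path)].append(ts)
        macs[(host, path)].update(find_macs(body))
    report = {}
    for key, stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        report[key] = {"count": len(stamps),
                       "mean_gap_s": sum(gaps) / len(gaps) if gaps else None,
                       "macs": sorted(macs[key])}
    return report

def stable_identifiers(records):
    """(host, MAC) pairs sent in more than one request: a persistent device ID."""
    seen = defaultdict(int)
    for _ts, _method, host, _path, body in records:
        for mac in find_macs(body):
            seen[(host, mac)] += 1
    return {pair: n for pair, n in seen.items() if n > 1}

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, info)
    print("repeated identifiers:", stable_identifiers(SAMPLE))
```

Records in this shape can be exported from a packet capture taken with no clients behind the router, so that every request listed originates from the device itself.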
Old 05-14-2022, 04:42 PM   #84
Senior Member
 
redbaron73's Avatar
 
Newmar Owners Club
Freightliner Owners Club
Join Date: Jun 2011
Location: Texas
Posts: 5,862
Blog Entries: 4
Geolocation is garnered from the IP address being tagged to the hardware. The GPS coordinates are not shown, but that's not required when tools such as geoIp are used.

The fact that the public IP is tracked to the individual identifier is what gives a person's geolocation.
__________________
2022 London Aire 4551 * 2022 GD Imagine 2800BH * 2021 RAM 3500 DRW * 2020 Wrangler
NHSO (Newmar Hoot, Sevierville Original)
Kindness Matters
redbaron73 is offline   Reply With Quote
All times are GMT -6.