Sunday, February 06, 2011

The Trojan Horse

So then the engineer said you can't turn off the wireless connection. But it's protected by a password. It's basically four characters long and can't be changed. What? Let's jump back.

I was still in bed at 09:50 Saturday morning when my wife rushed in to put on some better clothes. Was she going out? No, a KT engineer was coming to our apartment to install an Internet phone.

You know how these days it's quite popular in scripted television to dispense with a linear narrative and instead join a story half way through, and then jump around in time to fill in the back-story? That's what my entire life is like in Korea behind the language barrier.

So what's the Internet phone back-story? Apparently between our Internet connection and TV package we spend a lot of money, so we were offered one for free. Well, I say 'we', but only in the most general sense, because no-one offered me anything. You know how people sometimes say they didn't get the memo? Sometimes I think I might not even be on the payroll.

But OK though – it ticks all the boxes, because the deal contains two of the three most important words in the English language – 'free' and 'Internet'.

The engineer arrives and hacks away at one of the wall sockets behind the TV in the lounge. By the time he's finished a wire will run out from under the plastic housing which from experience I increasingly believe must be the method taught in Korean schools and universities. Later, the plastic cable shielding is dispensed with entirely in order to split the underlying wires off in different directions.


And then our phone comes out of the box, along with a large block of moulded plastic which I quickly surmise from the holes in the back is a four-port router. Interesting, I think to myself – because our current 'Anygate' router is in our office and it seems to have a wireless reach of about 15 feet in our apartment, although it really needs a clear line of sight to work well, despite its six inch antenna. By coincidence, six inches is about the distance my Samsung NC10 likes to be away from the router to get a good connection. Perhaps our apartment has thick walls, bad atmospherics and radio spectrum interference.

The new router transpires to be wireless, for the phone – prompting my first question – how can we turn it off? You can't. I suppose that follows – because it's needed for the phone, and I guess you'd expect to have that on all the time. But now this isn't looking like such a good plan. My computers run a mix of Ubuntu Linux and Windows, the latter being a reluctant necessity for some of my trading systems and Korean Internet banking. I try to aggressively protect our IT infrastructure because computer problems cost money in my line of work, and our office router has the longest possible encryption key and its wireless networking switched off when not in use. Then along comes our new Internet phone and suddenly we're broadcasting to all and sundry.

My next question, translated into Korean, is 'will this frak around with our office network?' So the engineer suddenly enters our office and walks up to my computer before I realise what he's doing. He predictably fails to recognise that I already have a browser window open on my Windows machine because it's sitting inside a VMware window running Ubuntu, but he does win points for recognising the Firefox icon and immediately starting it up. “This country is changing”, I thought – back in 2007 when I presented an earlier KT Internet engineer with a Firefox window so he could check something, he practically panicked. In fact, I'm not sure he understood that you don't need Internet Explorer to access the Web.

Personally, I might have turned off the phone at night, because apparently we're keeping the old landline phone, and we all have our mobiles turned on 24 hours a day anyway since this is how we communicate with each other in the apartment. Yes, we're just another Korean cellphone family.

So the router has a password written on the back. It can't be changed. It's four characters long. Four. But hey, I write sarcastically, at least it's a mix of letters and numbers. As a British computer science graduate, I often wonder what they teach computer science undergraduates in Korean universities, because it certainly doesn't seem to be computer science and it certainly isn't common sense either. This Windows-ActiveX obsessed country frets about the risks of cyberwarfare from North Korea and, realising that hardware is becoming increasingly commoditised and made in China, it wants to become a 'global software hub', even though it's kind of hard to base your economy on intellectual property when your citizens think that software piracy is practically a human right. There are lots of things I like about Korea, but with my background, software and IT security aren't among them.

Every week I go to Busan e-FM and recently they've moved to a new location. They are now housed in a building belonging to the Busan IT Promotion Agency. I wish them luck.

Apparently, our new KT Internet phone can call other KT Internet phones for free. But not SK or LG phones. So if we say it's VoIP, it's a very broad definition of the term because it's only really useful in the walled-garden of our provider; as I understand it otherwise the charges are comparable to normal. But, allegedly, you can buy another KT Internet phone for 30,000 won, take it or send it overseas and plug it into an obviously non-KT connection, and still phone other KT Internet phones in Korea for free, which is quite handy if true. Whether it's really worth potentially compromising your network security over however, is a question only you can answer.

2 comments:

Chris in South Korea said...

Let's see - a 4 character password against a brute-force attack... According to http://howsecureismypassword.net/, that would take about a second with a desktop PC. We're assuming there's no lockout in place, and that said attack could happen from any connected computer...?

I'll stick to my cell phone.

Mike said...

Yes - that sounds about right. It occurred to me that being little more than an enhanced four-port router there's probably an administration screen lurking around on one of the IP numbers, so I could find it and access it. Of course, one wonders whether the router's admin page has any security on itself... and if not, if anyone could access that too :-)

Changing the password in the router would probably be pointless anyway since my guess is it's written into the phone handset in a way that requires a specialist device to change, but I did wonder if I might be able to do some MAC-address filtering... although I don't know the MAC-address of the handset and there might not be an easy way of finding out.

Or since Korean Mother wants to keep her new Internet phone, maybe I just have to accept that I've potentially become our local free ISP.
