Easy to get the router's account and password

aabbcc
Aspirant

It's easy to get the router's admin's account and password through the Nighthawk app.

When my phone is connected to a Netgear router, I only need to open the Nighthawk app and choose to log in with Touch ID (using a fingerprint, without the router's admin account and password), and then I get the router's authority; even the root account and password are in plaintext and can be looked up in the app. It's dangerous and horrible. I hope the bug can be fixed soon.

Message 1 of 10

Re: Easy to get the router's account and password


@aabbcc wrote:

It's easy to get the router's admin's account and password through the Nighthawk app.

Can you explain what password you are talking about here?

Is it the one you use to get in to control the device or the one you need to use the wifi?

And what Nighthawk App is this? Android? iThing?

I don't use fingerprint detection, but wouldn't you expect it to respond to your fingerprint to get in to the thing?

Or are you saying that it will respond to any fingerprint?

Or does it let you in even if you haven't set up fingerprint recognition?

The big risk is if anyone can just pick up your device and get into the router. Is that what you are saying?

Message 2 of 10
aabbcc
Aspirant

Re: Easy to get the router's account and password


@michaelkenward wrote:

@aabbcc wrote:

It's easy to get the router's admin's account and password through the Nighthawk app.

Can you explain what password you are talking about here?

Is it the one you use to get in to control the device or the one you need to use the wifi?

And what Nighthawk App is this? Android? iThing?

I don't use fingerprint detection, but wouldn't you expect it to respond to your fingerprint to get in to the thing?

Or are you saying that it will respond to any fingerprint?

Or does it let you in even if you haven't set up fingerprint recognition?

The big risk is if anyone can just pick up your device and get into the router. Is that what you are saying?

I'm talking about the password for control of the router, in the iOS app.

First, connect to the Netgear router by wifi.

Then, open the Nighthawk app.

Choose "LOG IN WITH TOUCHID".

Success, and you get control of the device. You can even get the admin's password.

It means that anyone, once he connects to the Netgear router's wifi that I shared and installs the Nighthawk app, can get control of the device with his own Touch ID through the Nighthawk app, without the admin's account and password, and can do anything he wants to do.

Message 3 of 10
schumaku
Guru

Re: Easy to get the router's account and password

When activating the Touch ID (fingerprint sensor) in the App, you allow the App to store the admin password - thus when unlocking the App using the Touch ID, you allow the App to access the router and offer all the App convenience to the customer.

This usage and security model is very similar in many applications; even finance Apps like PayPal allow almost full access to your PayPal accounts.

One might dispute that the Nighthawk App does not allow removing the Touch ID access; however, reverting to password is apparently too difficult for many home users or consumers, as this is one of the most asked questions: "I forgot the router password." That's why the capability is there in the App - to see the password - after a valid authentication by Touch ID.

Message 4 of 10

Re: Easy to get the router's account and password

Sorry. I am still lost.

How does the use of fingerprint access on your iPhone give someone else access to your router's control interface and its wifi passwords?

Message 5 of 10
schumaku
Guru

Re: Easy to get the router's account and password

It's like a stored password or "remember me" - the Touch ID does allow you to unlock, Michael. When I'm using the PayPal App to send or receive money, it's the same - the login is linked to the fingerprint (however - stored password, token, certificate, ...), no need to enter the password.

Here on Android (Pixel 2, Android 8.1) the "Login with your fingerprint" is a little bit wonky, if workable at all, on the Nighthawk App.

Message 6 of 10
aabbcc
Aspirant

Re: Easy to get the router's account and password


@schumaku wrote:

When activating the Touch ID (fingerprint sensor) in the App, you allow the App to store the admin password - thus when unlocking the App using the Touch ID, you allow the App to access the router and offer all the App convenience to the customer.

This usage and security model is very similar in many applications; even finance Apps like PayPal allow almost full access to your PayPal accounts.

One might dispute that the Nighthawk App does not allow removing the Touch ID access; however, reverting to password is apparently too difficult for many home users or consumers, as this is one of the most asked questions: "I forgot the router password." That's why the capability is there in the App - to see the password - after a valid authentication by Touch ID.

But in fact, other apps that use the fingerprint sensor need the user to log in with account and password successfully before activating Touch ID. The Nighthawk app does not; it doesn't need a login with account and password the first time. It allows anyone who only gets the wifi password to download the Nighthawk app and choose login with Touch ID directly.

Message 7 of 10
aabbcc
Aspirant

Re: Easy to get the router's account and password


@michaelkenward wrote:

Sorry. I am still lost.

How does the use of fingerprint access on your iPhone give someone else access to your router's control interface and its wifi passwords?

For example:

     1. A friend visits my home and I give him my Netgear router's wifi password.

     2. He connects to my router on his own iPhone.

     3. He opens the Nighthawk app and chooses login with Touch ID.

     4. He will log in successfully and get control of my router.

     Attention please: he just knows the wifi password and never knows the router's control account and password.

Message 8 of 10
schumaku
Guru

Re: Easy to get the router's account and password


@aabbcc wrote:
But in fact, other apps that use the fingerprint sensor need the user to log in with account and password successfully before activating Touch ID. The Nighthawk app does not; it doesn't need a login with account and password the first time. It allows anyone who only gets the wifi password to download the Nighthawk app and choose login with Touch ID directly.

Black magic? If true, this sounds badly wrong.

Similar - but the opposite - to the non-workable fingerprint sensor here on the Pixel 2 (Android 8.1, App 2.1.3.325). Why don't I wonder?

Message 9 of 10
schumaku
Guru

Re: Easy to get the router's account and password

Can't get past the Touch ID registration without ever having entered a password here on a current iPhone with a scratch-installed Nighthawk App.

So to register the App for Touch ID, a password must be provided ... at least once.

Message 10 of 10
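
The enrolment rule reported in the last post, and the stored-password model described earlier in the thread, as a small Python model. This is an added example, not NETGEAR's or the Nighthawk app's code; `Router`, `AppInstall`, their methods and all password values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os


class Router:
    """Constructed stand-in for the router's admin login check."""

    def __init__(self, admin_password):
        self._salt = os.urandom(16)
        self._hash = self._derive(admin_password)

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def check_admin(self, password):
        return hmac.compare_digest(self._hash, self._derive(password))


class AppInstall:
    """One app installation on one phone; its secret store is per device."""

    def __init__(self, router):
        self.router = router
        self._stored_admin_password = None  # nothing stored on a fresh install

    def enable_biometric(self, admin_password):
        # Enrolment: the router must accept the admin password first.
        if not self.router.check_admin(admin_password):
            return False
        self._stored_admin_password = admin_password
        return True

    def biometric_login(self, fingerprint_ok):
        # A matching fingerprint only unlocks what this install already holds.
        if not fingerprint_ok or self._stored_admin_password is None:
            return False
        return self.router.check_admin(self._stored_admin_password)


def scenario():
    router = Router("constructed-admin-pw")
    owner, guest = AppInstall(router), AppInstall(router)
    return {
        "owner_enrol": owner.enable_biometric("constructed-admin-pw"),
        "owner_login": owner.biometric_login(fingerprint_ok=True),
        "guest_enrol_wifi_pw": guest.enable_biometric("constructed-wifi-passphrase"),
        "guest_login": guest.biometric_login(fingerprint_ok=True),
    }
```

In this model a guest's own fingerprint matches on his own phone, but his install holds no admin credential, so the login fails; a finding that contradicts this on a real device would point at the enrolment step.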