The story of the Anonabox internet privacy router has a new ridiculous chapter. The initial production batch of the device has a major security flaw and Anonabox's overlords, Sochule have informed customers that it will replace those routers for free. It turns out the routers in question shipped without Wi-Fi password protection. Yup, the Anonabox "cloaking device" didn't have the simplest form of router security, a network password. Sure users could anonymously surf the Internet via Tor, but they couldn't stop anyone from within Wi-Fi range from hopping on their network and potentially hacking their devices. It was also determined that the root password of the affected devices is the incredibly easy to guess "Admin." According to a Wired report, 300 of the approximately 1,500 routers sold were about as secure as a screen door.
From its launch on Kickstarter, the Anonabox saga has been series of false claims. After blowing past its funding goal on Kickstarter, the crowd-funding site pulled the product citing false hardware claims. It was also discovered that many of the security declarations made by the company were inaccurate. After the device was moved to Indiegogo, creator August Germer's claims of involvement with the Tor community were also debunked.
Also, as noted by security researcher Nicholas Weaver, Anonabox users will most likely use non-Tor browsers on the Tor network. You should never use the same browser for Tor and non-Tor traffic because your ID cookie is logged in both instances.
Hey @anonabox, even IF your shit was secure (instead of grossly vulnerable), non-Tor Browser over Tor is EPICFAIL and known insecure.- Nicholas Weaver (@ncweaver) April 7, 2015
Still, the company was able raise more than $82,00 and has apparently already sold about 1,500 devices. We'll never know how many of those were purchased by individuals believing the privacy hype and how many were bought by security researchers for the lulz.
[Image credit: Anonabox]