Blog

Latest Articles

"Secure 4G WIFI router" scam

Published on January 24, 2022

The 2nd scam: "Secure 4G WIFI router"

If you think that selling banana phones as “secure” cell phones on eBay is the only scam that Deniz Ok sell, you are wrong. There is another scam he sell on eBay, even bigger: “Secure 4G WIFI router portable Hotspot VPN encrypted ~ IMEI ~ untrace stealth”.

What is actually that?

Well, nothing special. Is just a regular Huawei router (E5573/E5770/E5885 series) which have a built in feature that allow IMEI changing by AT commands or directly from router control panel. There is no “encrypted” connection as scammer lie on eBay. Just to make it look more complex and complicated as actually is (for unaware buyers), scammer Deniz Ok is using “Airport Express” as model name, a term which is used only by iOS devices. Not to mention that scammer is faking also device manufacturer: instead of Huawei (Huawei logo is clear shown on some pics he posted), he pretend that the brand is called “Securwifi” (?!), a name that does not exist on a simple search on Google.
Huawei router price is only about 30-40 USD. You can check it on Google. Taking advantage on regular people lack of knowledge, scammer Deniz Ok is reselling this device with 400 GBP (about 540 USD) without making any modifications to make it more “secure”. Nothing. Nada. Zero. But 200% profit margin. Cool or what?
On Aliexpress.com you can find the same product he sell (and same pictures he use on eBay), with detailed description. Nothing about “special” security, encrypted connection and all that sort of lies scammer use: Aliexpress. Same here. And here.

No need to pay huge prices to this scammer. Here is how you can change regular router IMEI:

Huawei mobile routers & WIFI hotspots are well known for IMEI change capabilities. Nothing new about this. But this is not enough to make a mobile router secure, untraceable and stealth, as scammer Deniz Ok pretend.
Here is why:

A mobile router/WIFI hotspot does need a SIM card in order to work. SIM card provide connection between router and mobile network (outer world, internet). And guess what: router will connect to mobile network trough… cell towers and not directly to internet because this is just impossible. Hence, no real security because to allow connection, cell tower (and mobile network servers) need to know 2 things about any device that is asking for connection (including mobile routers): IMEI (router ID) and IMSI (SIM card ID). Only after providing this sensitive information to network, a mobile router can connect to internet trough a cell tower. For those who don’t know, there are some devices called IMSI catchers, used for location tracking, call interception and data interception. An IMSI catcher does what is supposed to do: collecting IMEI and IMSI, then using them for further operations as location tracking, call interception and data interception. Funny, isn’t it?
If mobile router IMEI can be changed at will, IMSI cannot be changed unless you insert every time another SIM card. However, when mobile router will connect to cell tower both IMEI and IMSI are broadcasted over the air and used for interception purposes. If an IMSI catcher or GSM interceptor are active within range, interception, location tracking and monitoring is trivial.
When you are on the move, mobile router will connect to other cell towers (trough SIM card) exactly as any other cell phone when travelling. Hence, your location data is exposed and widely available for network provider and law enforcement (and even for hackers). Location tracking is trivial. And “security” is just a lie that scammer Deniz Ok tells you.
Every single mobile router does have a so called router ID: a 32-bit IP address that uniquely identifies a router in an Autonomous System. This is also vulnerable to interception.
Every single mobile router have a MAC address (hardware ID) which is also vulnerable to location tracking and surface attacks.
Every single mobile router does use a SSID (wireless network name) broadcasted in clear text over the air. This is also a vulnerability, transforming your “secure” mobile router in a sitting duck when it comes to lawful interception because will say “hey, here I am!” to any mobile interception systems.

Compared with regular cell phones, a mobile router is more vulnerable to remote attacks, interception and monitoring because is using 2 vulnerable wireless connections (since a cell phone usually have a single connection with cell towers): wireless connection with cell towers and wireless connection with your cell phone, laptop or PC. Different radio frequencies but same vulnerabilities:

This is how “secure wifi hotspot” sold by Deniz Ok provide “secure” internet connection.

Any mobile WIFI router / mobile hotspot is more vulnerable to over the air attacks than a regular cell phone. There are 2 essential vulnerabilities:

1. Wireless connection between router and your mobile device (cell phone, tablet, laptop, PC, etc.). Intercepting WIFI is trivial and more easy to do than intercepting a cell phone, due to WIFI security lack (authentication procedures, encryption, etc.) compared to regular mobile networks. As a matter of fact, tactical WIFI interception systems are way more cheap than mobile interception systems. You can find plenty of such systems on a simple Google search. Just to name few:

2. Wireless connection between router and outer world (regular mobile network).
Thinking of connecting your cell phone or PC to WIFI router / mobile hotspot via cable, which will reduce attack surface? Well, is remaining another vulnerable connection: data connection to cell tower that provide internet connection. If you think that your “secure” router is connected somehow directly (via cable?) to some sort of “secure” servers, you are completely wrong. This is not how it works. Your “secure” router will connect to the closest cell tower within your area (in the very same way as your cell phone does), in order to provide internet connection. Hence, no matter which kind of data connection exist between cell tower and the rest of the network: wireless connection is the weak point, exploitable by regular IMSI catchers and GSM interceptors that will intercept data connection (like this one), not to mention lawful interception systems.

Not least, “Secure 4G WIFI router portable Hotspot VPN encrypted ~ IMEI ~ untrace stealth” scam sold by Deniz Ok, is made by Huawei. Remember that back in May 2019, the US added Huawei to a trade blacklist over the company’s alleged ties to Beijing, which were seen as a national security threat. So, a totally unsecure device is sold as a “untraceable stealth” router. No other comments are needed.

Read the full first SCAM report here.

Share This Article

Let’s keep in touch!

We’d love to keep you updated with our latest news and offers

Further articles

Google Smartphone

DeGoogled Android

We know you all want to get rid of Google apps on your Android smartphone. But can you really get rid of them? And is it really good for your privacy and security? We don’t think so. Read more

Anonymous SIM Scams

Beware Anonymous SIM Scams

Protected SIM cards? Empty promises of benefits that are in fact useless and do not protect you from interception. Read the full article

Voice recording image

Voice call encryption: does really protect your privacy?

Encrypted calls protect you from those who can’t listen in on your calls, but don’t protect from those who can listen to your calls – law enforcement. Read More.