Eircom DSL Routers Security Flaw

September 30th, 2007

A post on Irish Linux Users’ Group awhile ago linked to this boards.ie thread about a major weakness in the way the default WEP key for your Netopia is generated. The WEP key is formed from the serial number of the router and some Jimi Hendrix lyrics. That’s fair enough you might think, because nobody knows your serial number, right? For some reason, the Eircom SSID is also generated from the serial number in such a way that, given the SSID, you can easily find out the serial number, and hence the WEP key. The process has already been automated via an Eircom WEP key generator. I haven’t tried it myself, but one ILUGer has already reported that it works.

Some people will point out that WEP hardly gives much protection to begin with, since it can be cracked so easily and quickly by someone who knows what they’re doing. But now, even the laziest kid on the street can hack into your network without ever having to worry about command prompts or aircrack-ngs. Eircom broadband users would be wise to change their SSID from the default, and to switch to WPA encryption while you’re at it. (Surf to 192.168.1.254 and it’s in the options there somewhere…)

Update: I removed the link to s4dd’s site with the WEP key generator. There’s no point brushing stuff like this under the carpet, I think it is important to raise awareness about this, but at the same time I don’t want to be responsible for anyone stealing your email.

11 Responses to “Eircom DSL Routers Security Flaw”

  1. Olivier Says:

    WEP is not secure, it is crackable in less than a minute:
    http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/

    If you want to secure your wifi, use WPA and use a strong password.

  2. Damien Mulley » Blog Archive » 150,000 eircom modems can have their password guessed - How will eircom react? Says:

    [...] news is out that you can guess the WEP key for the eircom modems that a lot of people have. Something like 100k-150k or maybe more. It seems the WEP key (which is [...]

  3. Copacetic » Blog Archive » EIRCOM Wireless networks exposed? Says:

    [...] looks bad for Eircom. If its true they have inadvertently created Ireland’s largest free WIFI network. [...]

  4. James Galvin » Eircom Respond to Netopia Security Issue Says:

    [...] the two days since I posted about the security flaw in Eircom broadband routers’ default configuration, coverage has [...]

  5. Conor Says:

    You think thats bad, a certain other large ISP in ths country used to supply their routers with default passwords and admin web interface open to the internet!

    As someone else pointed out WEP can be cracked very quickly regardless of this flaw. However the skill level required for this attack is much lower.

  6. BadWolf Zone » Eircom Quick Update Says:

    [...] http://www.jamesgalvin.com/2007/09/30/eircom-dsl-routers-security-flaw/ [ Up to a quarter of a million Eircom customers could be inadvertently sharing their broadband connections with strangers due to a security flaw in products supplied by the telecoms company.. — Irish Times ] [...]

  7. John Ward Says:

    A secondary issue is that by default the router administration password is left blank by default.

    Once you’re on someone else’s eircom wifi network going to the router gives you full access. All sorts of damage could be done!

  8. Aehso’s Output » Eircom and Monster.ie - Busy week for the Irish Blogosphere Says:

    [...] the Eircom router wifi security fiasco and now a Monster fiasco is brewing. Wonderful stuff, watching the Irish blogosphere (or rather [...]

  9. Bert Says:

    There’s another ISP who set teh default passphrase the exact same for teh first 6 digits at all their wireless points. How silly is that?

    e.g.
    AP1
    ABCDEF*****

    ABCDEF$$$$$

    ridiculous, hopefully they’ll get some publciity as well

    Bert

  10. Mark23 Says:

    Thanks for providing this information, Really we should fine out some ways to secure our Wifi in some way from the hackers.

  11. billy Says:

    Cracking wep is very easy all you need is the following:
    + Aircrack-ng suite
    + Atheros Chipset Wifi Adaptor
    + Know how of using Linux

    ;)

Leave a Reply

I am from Cork, Ireland. A fan of the Big Lebowski, Mac OS X, Linux, Cork hurling, Munster rugby, Irish football. Interests include QuakeWorld, Python (lately Django), network security, web applications and technology in general.

Leave a comment if you come across something that interests you. My contact details are here. Alternatively, you can connect on LinkedIn or Twitter.