A post on Irish Linux Users’ Group awhile ago linked to this boards.ie thread about a major weakness in the way the default WEP key for your Netopia is generated. The WEP key is formed from the serial number of the router and some Jimi Hendrix lyrics. That’s fair enough you might think, because nobody knows your serial number, right? For some reason, the Eircom SSID is also generated from the serial number in such a way that, given the SSID, you can easily find out the serial number, and hence the WEP key. The process has already been automated via an Eircom WEP key generator. I haven’t tried it myself, but one ILUGer has already reported that it works.
Some people will point out that WEP hardly gives much protection to begin with, since it can be cracked so easily and quickly by someone who knows what they’re doing. But now, even the laziest kid on the street can hack into your network without ever having to worry about command prompts or aircrack-ngs. Eircom broadband users would be wise to change their SSID from the default, and to switch to WPA encryption while you’re at it. (Surf to 192.168.1.254 and it’s in the options there somewhere…)
Update: I removed the link to s4dd’s site with the WEP key generator. There’s no point brushing stuff like this under the carpet, I think it is important to raise awareness about this, but at the same time I don’t want to be responsible for anyone stealing your email.
6 Comments
WEP is not secure, it is crackable in less than a minute:
http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/
If you want to secure your wifi, use WPA and use a strong password.
You think thats bad, a certain other large ISP in ths country used to supply their routers with default passwords and admin web interface open to the internet!
As someone else pointed out WEP can be cracked very quickly regardless of this flaw. However the skill level required for this attack is much lower.
A secondary issue is that by default the router administration password is left blank by default.
Once you’re on someone else’s eircom wifi network going to the router gives you full access. All sorts of damage could be done!
There’s another ISP who set teh default passphrase the exact same for teh first 6 digits at all their wireless points. How silly is that?
e.g.
AP1
ABCDEF*****
ABCDEF$$$$$
ridiculous, hopefully they’ll get some publciity as well
Bert
Thanks for providing this information, Really we should fine out some ways to secure our Wifi in some way from the hackers.
Cracking wep is very easy all you need is the following:
+ Aircrack-ng suite
+ Atheros Chipset Wifi Adaptor
+ Know how of using Linux
6 Trackbacks/Pingbacks
[...] news is out that you can guess the WEP key for the eircom modems that a lot of people have. Something like 100k-150k or maybe more. It seems the WEP key (which is [...]
[...] looks bad for Eircom. If its true they have inadvertently created Ireland’s largest free WIFI network. [...]
[...] the two days since I posted about the security flaw in Eircom broadband routers’ default configuration, coverage has [...]
[...] http://www.jamesgalvin.com/2007/09/30/eircom-dsl-routers-security-flaw/ [ Up to a quarter of a million Eircom customers could be inadvertently sharing their broadband connections with strangers due to a security flaw in products supplied by the telecoms company.. — Irish Times ] [...]
[...] the Eircom router wifi security fiasco and now a Monster fiasco is brewing. Wonderful stuff, watching the Irish blogosphere (or rather [...]
[...] They WEP-key used was based on the serial number of the router. No real problem except that the serial number was part of the broadcast SSID (the name of the network). This can be read by any wifi enabled device. So it was fairly simple to add 1 + 1 and come up with the WEP key. [...]
Post a Comment