Eircom DSL Routers Security Flaw
September 30th, 2007
A post on Irish Linux Users’ Group awhile ago linked to this boards.ie thread about a major weakness in the way the default WEP key for your Netopia is generated. The WEP key is formed from the serial number of the router and some Jimi Hendrix lyrics. That’s fair enough you might think, because nobody knows your serial number, right? For some reason, the Eircom SSID is also generated from the serial number in such a way that, given the SSID, you can easily find out the serial number, and hence the WEP key. The process has already been automated via an Eircom WEP key generator. I haven’t tried it myself, but one ILUGer has already reported that it works.
Some people will point out that WEP hardly gives much protection to begin with, since it can be cracked so easily and quickly by someone who knows what they’re doing. But now, even the laziest kid on the street can hack into your network without ever having to worry about command prompts or aircrack-ngs. Eircom broadband users would be wise to change their SSID from the default, and to switch to WPA encryption while you’re at it. (Surf to 192.168.1.254 and it’s in the options there somewhere…)
Update: I removed the link to s4dd’s site with the WEP key generator. There’s no point brushing stuff like this under the carpet, I think it is important to raise awareness about this, but at the same time I don’t want to be responsible for anyone stealing your email.
del.icio.us
digg it
September 30th, 2007 at 19:26 pm
WEP is not secure, it is crackable in less than a minute:
http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/
If you want to secure your wifi, use WPA and use a strong password.
October 1st, 2007 at 9:09 am
[...] news is out that you can guess the WEP key for the eircom modems that a lot of people have. Something like 100k-150k or maybe more. It seems the WEP key (which is [...]
October 1st, 2007 at 10:11 am
[...] looks bad for Eircom. If its true they have inadvertently created Ireland’s largest free WIFI network. [...]
October 2nd, 2007 at 3:25 am
[...] the two days since I posted about the security flaw in Eircom broadband routers’ default configuration, coverage has [...]
October 2nd, 2007 at 9:21 am
You think thats bad, a certain other large ISP in ths country used to supply their routers with default passwords and admin web interface open to the internet!
As someone else pointed out WEP can be cracked very quickly regardless of this flaw. However the skill level required for this attack is much lower.
October 2nd, 2007 at 10:19 am
[...] http://www.jamesgalvin.com/2007/09/30/eircom-dsl-routers-security-flaw/ [ Up to a quarter of a million Eircom customers could be inadvertently sharing their broadband connections with strangers due to a security flaw in products supplied by the telecoms company.. — Irish Times ] [...]
October 2nd, 2007 at 11:44 am
A secondary issue is that by default the router administration password is left blank by default.
Once you’re on someone else’s eircom wifi network going to the router gives you full access. All sorts of damage could be done!
October 2nd, 2007 at 20:19 pm
[...] the Eircom router wifi security fiasco and now a Monster fiasco is brewing. Wonderful stuff, watching the Irish blogosphere (or rather [...]
October 3rd, 2007 at 1:07 am
There’s another ISP who set teh default passphrase the exact same for teh first 6 digits at all their wireless points. How silly is that?
e.g.
AP1
ABCDEF*****
ABCDEF$$$$$
ridiculous, hopefully they’ll get some publciity as well
Bert
June 2nd, 2008 at 18:36 pm
Thanks for providing this information, Really we should fine out some ways to secure our Wifi in some way from the hackers.
July 1st, 2008 at 0:59 am
Cracking wep is very easy all you need is the following:
+ Aircrack-ng suite
+ Atheros Chipset Wifi Adaptor
+ Know how of using Linux