Feeds

Sky Broadband puts the fault into default Wi-Fi security

Users in guess-able random keys quandary

Designing a Defense for Mobile Applications

Sky Broadband advises customers to consider changing their default Wi-Fi passwords - because the apparently random network keys are guess-able.

The ISP issues customers with a wireless router that is pre-configured with wireless security switched on, and an apparently random network key. This sounds like a good plan. However, the key is based on the router's MAC address, which is broadcast "in the clear" - i.e in unencrypted form.

Reg reader James, who brought the issue to our attention, said that getting the MAC address is trivial and working out the algorithm that links it to a network key is "not exactly rocket science".

The security shortcoming affects only Sky Broadband's original router, a rebadged Netgear DG834GT, and applies only where customers keep the default network key. This leaves plenty of scope for problems. "With about a million Sky customers using the original DG834GT router, there's likely to be hundreds of thousands of Sky customers thinking that they're safe, when in fact they are not," James notes.

Sky has not issued a general alert, even though it was informed of the matter a month ago, through its SkyUser community support forum. "Sky offered advice to users on that forum, to either disable wireless networking, or change their wireless password, but they still haven't told their wider customer base about this problem," James said.

In response to our questions, Sky Broadband said users can improve security by changing their default password (as explained here), comparing this, more or less, to adding a lock to an already bolted door.

"A wireless router is great for flexibility and convenience but no one wants to unwittingly share their connection with another user. We pre-configure all our routers with security settings so that customers' bandwidth is protected from day one. Our website offers advice to customers on how to further enhance this level of protection by changing their default password to another of their own choice," a Sky spokeswoman told El Reg. ®

Securing Web Applications Made Simple and Scalable

More from The Register

next story
Google Nest, ARM, Samsung pull out Thread to strangle ZigBee
But there's a flaw in Google's IP-based IoT system
Orange spent weekend spamming customers with TXTs
Zero, not infinity, is the Magic Number customers want
Want to beat Verizon's slow Netflix? Get a VPN
Exec finds stream speed climbs when smuggled out
US freemium mobile network eyes up Europe
FreedomPop touts 'free' calls, texts and data
'Two-speed internet' storm turns FCC.gov into zero-speed website
Deadline for comments on net neutrality shake-up extended to Friday
GoTenna: How does this 'magic' work?
An ideal product if you believe the Earth is flat
NBN Co execs: No FTTN product until 2015
Faster? Not yet. Cheaper? No data
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.