UK's most popular Wi-Fi router defaults to insecurity
Come and get it
From the folks at security think tank GNUCitizen comes yet another demonstration of the insecurity that's present by default in the UK's most popular home broadband router.
By default, the BT Home Hub, which is manufactured by Thomson/Alcatel, uses a weak algorithm to generate keys used for locking down a Wi-Fi network. So weak, in fact, that Wired Equivalent Privacy (WEP) keys can be predicted in just 80 guesses on average. GNUCitizen has written a program to automate the guessing game, but has decided not to release it for the time being.
It's been known for some time that WEP is not a reliable way to secure a Wi-Fi network. But GNUCitizen's research, which is based on work by ethical hacker Kevin Devine, takes this understanding a step further. It allows the router to be cracked without special hardware or without software that's a hassle to configure and use.
The research also affects those using the much more robust Wi-Fi Protected Access (WPA) to secure their BT Home Hub. Because the algorithm generates the WPA key in the same predictable way, an attacker can easily determine the passphrase (if the default encryption key is still in use).
GNUCitizen has exposed other weaknesses in the router, including a VoIP hijacking vulnerability and the ability for attackers to bypass password protections. BT fixed both those issues shortly after they were brought to light.
BT spokesman Adam Liversage said the company is aware of the weakness and encourages people to change from the default WEP setting with its pre-set wireless key to WPA with a random key. Liversage said BT didn't believe any customers had been affected by the default settings, although he didn't explain how the company could even know.
The company has published instructions here that walk customers through the process of securing the device. If you fail to heed them, don't say we didn't warn you. ®
@ Xander Dent
...oh gosh, you're serious aren't you?
I'll get my coat - and nip round yours to airodump-ng* your MAC...
Paris, because for all her (de)faults, I still wouldn't say no to airodumping her MAC.
*Ever since 'Google', I've been exploring the beauty of 'verbing' - randomly converting nouns to verbs
The reason routers don't default/force people to be secure is because of resulting tech support costs.
By defaulting to no security (as all devices I have purchased do), they make the installation easy. If someone gets into trouble they can just poke the "factory reset" thingummy and generally get going easily.
As others have noted, many/most home setups just run unsecured networks.
-WPA PSK (how long is the phrase you used? Ideally 20+ chars and not dictionary-friendly. Using WPA2, if it's available?)
-MAC address filtering (fairly trivial to bypass for any non-casual hacker - basic sniffer and MAC-spoof capable card needed)
-default router password changed (great, it's amazing how often they do this and yet WEP is the old horse that gets beaten to death by the news rags)
-obscure model of router ( sure why not )
-(hidden SSID) (utterly trivial to bypass/learn with a sniffer because legitimate clients must specify the SSID in plaintext in probes and associates; it is only useful to hide this to prevent it from being identified in the Windows Wireless Networks list where the slobbering masses can see it and try to connect)
Forgot: Change the default SSID!!! The SSID can often tell hackers clues about the router brand, the ISP, and even the serial number. Changing it does more for anonymizing you than hiding it. Assuming you're not making it into your full name or SSN.
Bottom line, WPA-PSK (esp WPA2) with a good key is about as robust as you can get for home use. If they are as capable and determined to crack that, none of the other Mickey Mouse security is comparable. As people have pointed out, they don't ship WPA default because of backward compatibility issues with all the old WEP crapola.
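As an added example (not from the article or any commenter), the Python below derives a WPA/WPA2-Personal key the way the standard does and applies the checks the comment thread recommends: the SSID is the salt, so a default SSID plus a default passphrase gives a fully predictable key, while a renamed SSID and a long non-dictionary passphrase do not. The `HUB-DEFAULT` SSID and the `WEAK_WORDS` list are constructed placeholders, not BT Home Hub values.

```python
import hashlib

# Standard WPA/WPA2-Personal derivation (IEEE 802.11i):
#   PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)
# Because the SSID is the salt, changing a factory SSID invalidates any key
# table that was precomputed for that default name.
def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8-63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)

# Constructed sample of dictionary-style passphrases; a real audit would
# load a full wordlist instead.
WEAK_WORDS = {"password", "internet", "wireless", "letmein"}

def audit_wpa_settings(passphrase: str, ssid: str, factory_ssid: str,
                       min_len: int = 20) -> list:
    """Return the findings a home user should fix, following the advice in
    the comment thread: long non-dictionary passphrase, non-default SSID."""
    findings = []
    if len(passphrase) < min_len:
        findings.append(f"passphrase shorter than {min_len} characters")
    if passphrase.lower() in WEAK_WORDS:
        findings.append("passphrase is a dictionary word")
    if ssid == factory_ssid:
        findings.append("SSID still set to the factory default")
    return findings

if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE"
    print(wpa_pmk("password", "IEEE").hex())
    # Same passphrase, different SSID: a different PMK (SSID is the salt)
    print(wpa_pmk("password", "IEEE") != wpa_pmk("password", "MyRenamedNet"))
    # "HUB-DEFAULT" is a constructed placeholder for a factory SSID
    print(audit_wpa_settings("password", "HUB-DEFAULT", "HUB-DEFAULT"))
```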