The Register® — Biting the hand that feeds IT


UK's most popular Wi-Fi router defaults to insecurity

Come and get it


From the folks at security think tank GNUCitizen comes yet another demonstration of the insecurity that's present by default in the UK's most popular home broadband router.

By default, the BT Home Hub, which is manufactured by Thomson/Alcatel, uses a weak algorithm to generate keys used for locking down a Wi-Fi network. So weak, in fact, that Wired Equivalent Privacy (WEP) keys can be predicted in just 80 guesses on average. GNUCitizen has written a program to automate the guessing game, but has decided not to release it for the time being.

It's been known for some time that WEP is not a reliable way to secure a Wi-Fi network. But GNUCitizen's research, which is based on work by ethical hacker Kevin Devine, takes this understanding a step further. It allows the router to be cracked without the use of special hardware or software that's a hassle to configure and use.

The research also affects those using the much more robust Wi-Fi Protected Access (WPA) to secure their BT Home Hub. Because the algorithm uses a predictable means to determine the WPA key, an attacker can easily determine the pass phrase (should the default encryption key value be used).

GNUCitizen has exposed other weaknesses in the router, including a VoIP hijacking vulnerability and the ability for attackers to bypass password protections. BT fixed both those issues shortly after they were brought to light.

BT spokesman Adam Liversage said the company is aware of the weakness and encourages people to change the default settings of WEP with a pre-set wireless key to WPA with a random key. Liversage said BT didn't believe any customers have been affected by the default settings, although he didn't explain how the company could even know.

The company has published instructions here that walk customers through the process of securing the device. If you fail to heed them, don't say we didn't warn you. ®


@ Xander Dent

...oh gosh, you're serious aren't you?

I'll get my coat - and nip round yours to airodump-ng* your MAC...

Paris, because for all her (de)faults, I still wouldn't say no to airodumping her MAC.

----------

*Ever since 'Google', I've been exploring the beauty of 'verbing' - randomly converting nouns to verbs

1
0

@Mark Otway

The reason routers don't default/force people to be secure is because of resulting tech support costs.

By defaulting to no security (as all devices I have purchased do), they make the installation easy. If someone gets into trouble they can just poke the "factory reset" thingummy and generally get going easily.

As others have noted, many/most home setups just run unsecured networks.

0
0
Anonymous Coward

Re: SSID

-WPA PSK (how long is the phrase you used? Ideally 20+ chars and not dictionary-friendly. Using WPA2, if it's available?)

-MAC address filtering (fairly trivial to bypass for any non-casual hacker - basic sniffer and MAC-spoof capable card needed)

-default router password changed (great, it's amazing how often they do this and yet WEP is the old horse that gets beaten to death by the news rags)

-obscure model of router ( sure why not )

-(hidden SSID) (utterly trivial to bypass/learn with a sniffer because legitimate clients must specify the SSID in plaintext in probes and associates; it is only useful to hide this to prevent it from being identified in the Windows Wireless Networks list where the slobbering masses can see it and try to connect)

Forgot: Change the default SSID!!! The SSID can often tell hackers clues about the router brand, the ISP, and even the serial number. Changing it does more for anonymizing you than hiding it. Assuming you're not making it into your full name or SSN.

Bottom line, WPA-PSK (esp WPA2) with a good key is about as robust as you can get for home use. If they are as capable and determined to crack that, none of the other Mickey Mouse security is comparable. As people have pointed out, they don't ship WPA default because of backward compatibility issues with all the old WEP crapola.

0
0
