The Register® — Biting the hand that feeds IT

Comments on: UK's most popular Wi-Fi router defaults to insecurity

Still more secure than most 

Posted Tuesday 15th April 2008 00:14 GMT

Much as I dislike the Home Hub, it must be pointed out that the fact it actually ships with a pre-set WEP key makes it more secure than most home routers on the market, which come with blank passwords. And my experience is that the average user leaves them this way.

Love it 

Posted Tuesday 15th April 2008 01:26 GMT

Paris Hilton

"NETGEAR" is my isp! At least this way there's a few seconds of a challenge first, and maybe some kind of legal mumbo jumbo involved before you add a couple more megabits to your connection pool.

Paris knows all about leeching from society...

Not Belkin then? 

Posted Tuesday 15th April 2008 05:13 GMT

It seems that everywhere I go, my laptop will find an unsecured network called Belkin54g

BT 'product' "not secure"? 

Posted Tuesday 15th April 2008 07:05 GMT

Alert

Exactly WHAT part of this were we supposed to be surprised by?

Of course, this sort of story will NEVER reach the mainstream public, a bit like their other little 'security' issue!!

This is not a surprise. 

Posted Tuesday 15th April 2008 07:13 GMT

The BTHomeHub is awful, even the BT engineers say it's crap.

My line gets about 512K on the home hub, 1.5Mb with my Draytek Vigor 2910 and Vigor 100 (2910 is a dual WAN Router, the 100 is an ADSL/2+ modem).

Mind you, even the 2910 defaults to no wireless security (though it is off by default). Makes no difference though, if you try to crack into the home hub chances are it will just lock up before you manage to get in...so you *could* say it is the most secure router out there, in a f****d up kind of way.

Average users 

Posted Tuesday 15th April 2008 07:17 GMT

Boffin

@Martin Edwards: Really? I tend to find most are either set up by someone who vaguely knows what they're doing OR by someone who doesn't know anything and thus studies the manual in great detail. Most (if not all) router manuals stress from the get-go that wireless needs to be secured - having once gone wardriving for a laugh, every single Home Hub was using WEP - while that's not necessarily with the stock key, I'm willing to bet it is in 99.9% of cases. There are always a few NETGEAR, belkin54g, etc unsecured, but they really are in the minority.

Given that most ISPs now provide 'setup software' with their routers... 

Posted Tuesday 15th April 2008 07:19 GMT

...I don't know why they don't allow (aka force) people to specify their own WPA (or WEP, if you must) keys when they install the kit.

never told us... 

Posted Tuesday 15th April 2008 07:30 GMT

Alert

Pity they've not passed that information on to the contract engineers who work on BT's broadband installation / home computer service. Having said that, we warned them over a year ago that sending out home hubs with 40-bit WEP encryption was stupid. They ignored us of course. In fact we were under strict instructions NOT to change the WEP settings, presumably so that the service centre bods had an easy life when customers called in with connection problems. (The WEP key is printed on the back of the hub.)

I can only see networks called "Sky" from here 

Posted Tuesday 15th April 2008 07:37 GMT

WEP encrypted too... netgear dg834 me thinks

Until the tool does get released WEP is still better than nothing, you do at least require *some* knowledge to get at a WEP protected network, you just need a computer and one hit with the clue bat to get at an unprotected one. My router came defaulted to no protection, but at least the wifi was turned off. 9 times out of 10 Joe Bandwidth Stealer is going to go for the unprotected network rather than the WEP one, he only goes for the WEP one because he wants to show off.

Here we go again. 

Posted Tuesday 15th April 2008 07:38 GMT

Go

OMG! Shock Horror! Leave your wifi AP open and bad things will happen to you!

Such a shame that we can't spread the idea that you should deliberately make your WiFi open and give it an SSID of "Your Address - Open". Go back 5 years and there was a possibility that things like NoCat would make it reasonably easy to offer open access reasonably securely with logging and such like. Even with FON, this never really happened.

I for one want to live in a world where the Dlink-Linksys-Belkin default open access community is everywhere. So can we please stop making it easy for the average man in the street to secure their Wifi?

What can't they... 

Posted Tuesday 15th April 2008 07:46 GMT

Thumb Up

do like the Orange Livebox?

It comes (now) with WPA on as standard, but even if this was cracked it's not a big deal.

I run WEP (some devices don't use WPA), but the box has one great feature.

The live box is automatically configured to only allow new devices to connect for a couple of minutes after a reset or by pressing a button. After that, even a correctly set up device cannot attach.

Don't forget the USB ADSL dongles 

Posted Tuesday 15th April 2008 07:51 GMT

which I would imagine are behind most of the zombie botnets connections in the world .... offering as they do a backdoor without firewall into the PC.

Thomson fixes 

Posted Tuesday 15th April 2008 07:56 GMT

Unhappy

The biggest problem so far is that Thomson seems unable to fix any of the bugs reported. I'm using a 780WL (was their "top-of-range" box), there are several BIG bugs (like SIP account not registering on router restart), easily reproducible crash bugs, etc.... that have never been fixed.

If you check the Bethere forum (they are also using the Thomson boxes) you'll see an endless list of bugs...

I suspect that Thomson took over the product from Alcatel, probably not the team and is now left with what is likely to be a badly documented, hard to debug code. And as long as people like BT are ordering the boxes (and debug/workaround the issues by themselves) I'm not really sure they are motivated to do anything!

The router has a lot of great features (especially for a consumer box), too sad the support is SOOOOOOO poor.

@ stu reeves 

Posted Tuesday 15th April 2008 08:14 GMT

Thumb Up

You CAN alter the pairing time on the Orange (Wanadoo) Livebox by going into the configuration. This can be set to up to 60 minutes. (well, it can on mine, the one with the fucking irritating pulsating light! Thank fuck they let you turn THAT off!) I'd change the default password there too, but I'd imagine you've already done that. Just a shame you can't change the default username, it's not exactly had a great deal of thought put into it.

I too have begun to see a profusion of "SKY...." boxes appearing in my neighbourhood. Looks like Uncle Rupe's making inroads in the "Total World Media Domination" masterplan!

People expect some form of security from BT? 

Posted Tuesday 15th April 2008 08:19 GMT

Flame

I thought the whole mantra of the company was "zero privacy". Tying in nicely, with their relationship with Phorm.

These aren’t problems with the home hub; they are designed to be totally open

Security risk 

Posted Tuesday 15th April 2008 08:52 GMT

Alert

Don't forget that having a BT HomeHub leaves you open to a much bigger security risk - BT selling your browsing data to a spyware company.

Anyone who still has BT as an ISP almost deserves to get their wireless network cracked.

Netgear 

Posted Tuesday 15th April 2008 08:59 GMT

Heart

I luv my netgear router, it's got the most secure wireless connection point in the world because I keep it turned off XD

wireless is overrated nowadays and it's still faster to stream vids and music over a hard wire connection

anonymously post since i don't want ppl cracking my unprotected upnp

Channeling Harry Hill 

Posted Tuesday 15th April 2008 09:14 GMT

Coat

But which is faster...

80 password guesses, or 2 minute WEP password cracking (http://www.youtube.com/watch?v=d7tpl77VwO4).

FIIIGHT!

@ Stu Reeves 

Posted Tuesday 15th April 2008 09:16 GMT

Actually the Orange Livebox comes with both WEP and WPA enabled, however this causes confusion to some computers and you often have to turn one of them off.

Where the Livebox DOES have an ace card is that you only have a time to "pair" a wireless network card and the router after you press a button on the back. After the timeout you cannot connect - even with the right WEP/WPA key.

@ dervheid - Sky boxes 

Posted Tuesday 15th April 2008 09:34 GMT

you see lots of SKY routers because Sky appear not to tolerate other routers on their Network

I was recently requested by a customer to set up her existing router on a new Sky account (it was a better model than the Sky-supplied Netgear) and Sky helpdesk refused any information regarding required logon / authentication details. All I got was a comment "you can only use one of our routers on our service". The software of the Sky box has been bastardized so the logon details are hidden: I've not found a way round this yet.

Any of you Linux bods out there able to hack one and find what is needed to get a non-Sky router working on a Sky ADSL account?

WPA support isn't everywhere 

Posted Tuesday 15th April 2008 09:34 GMT

Stop

Nintendo DS for example, doesn't support it.

So many have problems with their Wi-Fi, it's not surprising that most don't come with security in mind, but rather ease of setup.

@Jacob 

Posted Tuesday 15th April 2008 10:01 GMT

Unfortunately, some of us are still contracted to BT! :(

Educate me someone 

Posted Tuesday 15th April 2008 10:07 GMT

Black Helicopters

Either I'm going to get flamed or someone will not follow my question, umm, here goes.

There is a lot of talk about WIFI cracking, someone will say "Yeah, there's a website that says it can be done", or "Everyone knows it's not secure" or "It can be cracked in 30 seconds". But all I hear is anecdotes, or I get pointed to some old website showing how to crack a fairly old set up.

I've talked in person to people who have told me how easy they are to crack, then I ask them how would they do it and they shrug.

But has anyone here actually cracked a WIFI signal being generated by a modern up-to-date hub or computer and got in? Is there an epidemic of people having their connections compromised or is it just hype? I'm curious.

B.T.W I don't use WIFI myself, so I'm asking the question from a "New to the WIFI signal subject".

First person who points me to a five year old website gets a poke in the eye ;-)

Nintendo only support WEP 

Posted Tuesday 15th April 2008 10:22 GMT

Stop

on the DS. So what can anyone do - throw the device away and get a PSP ?

Mario Karts and other games are better online, my kids would like to continue to be able to play online DS games.

I guess I could lock down the device by MAC address... though I understand even that is not secure (i.e. can be faked) ?

There is a reason 

Posted Tuesday 15th April 2008 10:23 GMT

As I understand it, WPA causes too many headaches for ISPs like BT who would have to deal with people struggling to connect their Wii, PS3, mobile phone, and whatever else. WEP is just simpler to deal with from a support point of view.

As for security, yes it's a risk, but as 99% of the public are clueless in this regard I should think they're pretty safe as the 1% who might want to go round hacking everyone else is going to have a hard time getting round that 99%. It's like having a Yale lock on your front door. Most burglars can get past them easily but relatively few people really get burgled. Sure you can put deadlocks on your door just in case.

Not as bad as it was 

Posted Tuesday 15th April 2008 10:53 GMT

It used to be the case like previous posters point out that no-one secured their networks, so a quick sniff would result in a list of networks named Linksys etc, all default and unsecured.

It's not like that at all anymore. I live in a condominium, where I can usually see around 30 to 40 networks at any given time, and not a single one of them is insecure.

@ simon 

Posted Tuesday 15th April 2008 11:05 GMT

see http://www.grape-info.com/doc/win2000srv/security/airsnort.html

@ Simon 

Posted Tuesday 15th April 2008 11:12 GMT

Here's a dedicated WEP cracking utility, this version dates from 2007

http://www.security-database.com/toolswatch/AiroScript-Wep-Cracking-Utility-V.html

lol 

Posted Tuesday 15th April 2008 11:21 GMT

Thumb Down

less secure than a 2-digit [0-9] combination lock? LOLHAX

I can't think of a title.... 

Posted Tuesday 15th April 2008 11:31 GMT

Happy

> Still more secure than most

I don't know about that, anecdotally most wifi networks around here are now either sky or BT...

Sky appear to use wpa by default, BT wep....[well, either that or sky's stuff is installed by folk who set them up correctly?] I did once wonder if the sky ones actually had secure passphrases, but I didn't look further.

Yes, there are others, of course, but they seem rare [and mostly secured these days ime]

TBH I think BT and sky are installing wifi for people who probably don't want or need it and they just wanted broadband and TV and so on and wifi came with the package.

Given that I have Virgin media and live in a cabled area I guess plenty around me are using VM too. Therefore they would only have wifi if they bought a router themselves and configured it themselves. From the relatively few that have wifi that aren't using sky or bt it suggests that a lot of folk just don't want or need it in the first place [and given the fact that in use wifi is slow and useless anyway, they are right :) It's fine for the odd psp connection perhaps, but wireless gaming is useless, wireless file transfers are slow and wireless at any distance that makes it worthwhile having it in the first place barely works at all. There are far better solutions for getting internet access around a house]

If that lack of need is true of sky and BT customers as well, that's a waste really given the contention issues that wifi has, as well as, clearly from the BT pov, an unnecessary security hole.

@anon coward hacking sky boxes 

Posted Tuesday 15th April 2008 11:48 GMT

Pirate

Quick web search will give you the required info. Basically ping the router and save result to a config file to extract the password.

Your user name is very easy to find. It is the router mac address (handily on the router label) @skydsl.com making it something like

a3;13;df;4g;5e;1e@skydsl.com.

Not that I've ever hacked a sky box of course.

You can even use the sky box with this info. once of course you've flashed the crippleware (sorry firmware) with a newer Netgear version.

The most insecure bit? 

Posted Tuesday 15th April 2008 11:58 GMT

Happy

The pillock "plugging" in another device!

As an exercise, do an NMAP scan of your local subnets outside your firewall at home and you'll see at least 2 in every 100 routers with open ports to remote desktop, open ftps with default passwords, open routers still left with default passwords, I even found a HP printer/scanner plugged straight into a router with no password. There are lists of default passwords for all the major models and makes of routers, it really doesn't take a degree in IT and ten years of security knowledge to break into most home routers.

Not quite that easy 

Posted Tuesday 15th April 2008 12:01 GMT

If anyone has actually tried to do a WEP or other crack, they would know that you need the right wifi hardware. You can't just use the cracking software on any old card, they only support certain chipsets. I tried various cards and gave up. Manufacturers stopped making cards with the chipsets and promiscuous drivers ages ago. Simon is right - most people have no idea what's involved.

Most networks have a WEP device. 

Posted Tuesday 15th April 2008 12:17 GMT

Flame

Meaning that home networks can't adopt WPA.

I would love to move to WPA, but my Terratec Noxon boxes are WEP only. I wonder what the legal stance is, for these companies that refuse to do updates or exchange programs for hardware that make your network insecure.

Are they liable for producing insecure products which open up your home network?

Despite several emails to Terratec, about Noxon not supporting WEP, they just brush the problem under the carpet...

I'll challenge anyone 

Posted Tuesday 15th April 2008 12:17 GMT

There's not a hacker in this world who could get onto my wireless network, even if I left it open. Nothing gets through my walls! Seriously, nothing... wireless is only good for the room I am in and if I want to use my mobile I have to go outside. I had to run cat5 to my bedroom so I can use my laptop in bed.

Keeping jobs for the boys 

Posted Tuesday 15th April 2008 12:28 GMT

Black Helicopters

Whilst in no way questioning the intellect of the boys at this Security think tank, out in the real world I see few unsecured networks anymore.

At a friend's flat in Streatham, London a total of 17 networks are visible on my thinkpad and the only 1 not secured with 128bit WEP or WPA (most were WPA) was the local Oxfam shop (Yes I went down there and helped them get WPA up and running).

I agree most were running default SSID but does that really matter that much. I use WPA2 with AES but stopped hiding my SSID in the end because it was a pain having to type the SSID and the password on my N95 :-)

This security think tank sounds a bit like the Government to me, let's scare everyone then we can get more funding.

re: Netgear 

Posted Tuesday 15th April 2008 12:29 GMT

IT Angle

> the most secure wireless connection point in the world because i keep it turned off

Instead of leaving the Wi-Fi permanently switched off, why didn't you just buy a wired router?

re: sky routers 

Posted Tuesday 15th April 2008 12:46 GMT

Here's a handy little guide for you AC, courtesy of sky users forum.

http://www.skyuser.co.uk/forum/extracting-sky-router-passwords/19915-how-obtain-your-username-password-sky-router.html

Hope this is helpful.

@Tibb the Cat 

Posted Tuesday 15th April 2008 13:08 GMT

Black Helicopters

Thanks for the links.

Well one piece of software is 3 years old, the other, hmm, slightly newer.

So have you used them? Did they work? On current equipment I could buy in the shops?

@El Reg, how about one of you guys have a go. This would be the greatest IT news website ever if one of your writers tried it and wrote an article about it. We need to confirm the truth or dispel the myth about WIFI cracking.

Me myself (Also what Clive Smith is saying) think this is something the WIFI manufacturers maybe caught onto years ago and have solved.

Anyhow, continue my education someone.

@Robin 

Posted Tuesday 15th April 2008 13:14 GMT

Happy

Unfortunately I needed a router badly since my last 1 burned out from all the downloading so I had to do the dirty and get it from Pc World (never again)

at least now I'm looking for some proper netgear hardware for a separate dual wan firewall and a stand alone modem to upgrade my net

MAC 

Posted Tuesday 15th April 2008 13:58 GMT

Linux

I see people constantly going on about the WEP/WPA angle but very few people seem to mention about locking the connection down to specific allowed devices via their MAC addresses. If a hacker can't even connect to the router, how is he going to crack the WEP/WPA key anyway?

Someone did mention about the possibility of spoofing MAC addresses but they would need to know what MAC addresses are allowed to connect and their associated NAME.

Well, because I would use Ubuntu all the time if I could.

BT home flub... 

Posted Tuesday 15th April 2008 14:04 GMT

WEP can be cracked in around 1 to 8 minutes with Back Track Linux,

WPA is more secure but can still be cracked, WPA is not available to BT home flub users unless you flash it to open up their locked down options

This is, quite frankly, not good enough. Why is that band of tossers known as BT peddling such junk in the first place?

@simon 

Posted Tuesday 15th April 2008 14:08 GMT

Yes, aircrack-ng works fine these days, with fake authentication and ARP injection it cracked my neighbour's 128-bit WEP key in a surprisingly quick 4 minutes.

You'll need an Atheros chipset wireless card (amazon) and have to be comfortable fiddling with Linux.

@ Simon 

Posted Tuesday 15th April 2008 14:20 GMT

Just found these, I think they answer your points

WEP cracking using modern equipment

http://www.smallnetbuilder.com/content/view/30114/98/

how the feds do it - a demonstration

http://www.smallnetbuilder.com/content/view/24251/100/1/1/

Cracking WPA

http://www.smallnetbuilder.com/content/view/30278/98/

@ N 

Posted Tuesday 15th April 2008 14:31 GMT

WPA IS available to Home Hub users - you just have to log onto the advanced admin page and change the settings. No need to flash it

It's not obvious, but it IS there

MAC Addresses 

Posted Tuesday 15th April 2008 14:47 GMT

Stop

Was going to simply state here that this whole discussion is a waste of time, as blocking all but allowed MAC addy's is far simpler than setting up any sort of encryption, and for the purposes of restricting who's using the wireless connection is more than adequate.

But, someone beat me to it..

@ Xander Dent 

Posted Tuesday 15th April 2008 15:53 GMT

Paris Hilton

...oh gosh, you're serious aren't you?

I'll get my coat - and nip round yours to airodump-ng* your MAC...

Paris, because for all her (de)faults, I still wouldn't say no to airodumping her MAC.

----------

*Ever since 'Google', I've been exploring the beauty of 'verbing' - randomly converting nouns to verbs

not being funny 

Posted Tuesday 15th April 2008 15:55 GMT

Happy

I just wasted 10 minutes concisely and succinctly typing an argument that covered every point made, showing you lot how paranoid you all are, then realised that would take away my fun of watching an afternoon's stupidity in the comments section. So who is the more foolish, the fool or the fool that follows him?

carry on!

How about... 

Posted Tuesday 15th April 2008 15:57 GMT

Paris Hilton

1. Providing a default key (as it is now)

2. Redirecting the first www connection to the router in order to input a passphrase

3. Creating a stronger key to cut'n'paste? (WPA unless specified)

... This could all be fixed in a simple software update, could it not? (just like the "we changed your admin password to the HH serial number" thing)

@ All the people with Belkin, Netgear, etc - at least there is *some* security with the Homehub out of the box - think about the average customer here - I've set up over 500 routers and think that Netgears etc are pretty OK - but where's the default security?!!! Even WEP discourages casual connections from the neighbours looking for their daily pr0n.

Prefer to default to "no protection at all" 

Posted Tuesday 15th April 2008 17:00 GMT

So you get your wireless router. "Great", you think, "now I can work wirelessly." Not so fast, young padawan, because first you need to configure it. "No problems, it's wireless." And you know the passcode to talk to it? "Ah..." Where's your PC? "Upstairs." Where's the router? "Downstairs." And you don't know the passcode, so your PC can't talk to the router? "Err..."

The sad truth is that unless your wireless router defaults to "wide open, come and get me", there ain't any way your PC upstairs can talk to the wireless router downstairs. If you've got an Ethernet port on your PC then you can bring the router upstairs, plug it in with a Cat5 and set it up that way, then bring it back downstairs. But if you haven't (and many PCs don't come with Ethernet), you're right out of luck.

Unless your PC can guess what the passcode is. And that's presumably where this comes in. Sure, it ain't bombproof, but it's shipping with enough security that out-of-the-box it's protected, instead of being wide open for a while until you get round to configuring your security.

Which, per Steve and Xander, should include a MAC address whitelist for most home users.

SSID 

Posted Tuesday 15th April 2008 17:25 GMT

One of the things that was mentioned above is hiding your SSID - but surely if you're going to be hacked they really don't need this anyway. And if you do have an obvious SSID (such as an address) any friendly tech can at least easily find you and maybe help fix it?

As you didn't ask, I use:

-WPA PSK

-MAC address filtering

-default router password changed

-obscure model of router

-(hidden SSID)

That should do the trick shouldn't it?

But I want to be Open 

Posted Tuesday 15th April 2008 17:40 GMT

Paris Hilton

I actually want to have an unsecured wireless access point to provide a public service for passing phones, DS'es, laptops even. It's easy to set the hardware up so my own network (including another wireless AP but with WPA2) is separate from it. Is there any way to sensibly achieve this? Do I need hotspot software? RADIUS?

Re: SSID 

Posted Tuesday 15th April 2008 20:27 GMT

-WPA PSK (how long is the phrase you used? Ideally 20+ chars and not dictionary-friendly. Using WPA2, if it's available? )

-MAC address filtering (fairly trivial to bypass for any non-casual hacker - basic sniffer and MAC-spoof capable card needed)

-default router password changed (great, it's amazing how often they do this and yet WEP is the old horse that gets beaten to death by the news rags)

-obscure model of router ( sure why not )

-(hidden SSID) (utterly trivial to bypass/learn with a sniffer because legitimate clients must specify the SSID in plaintext in probes and associates; it is only useful to hide this to prevent it from being identified in the Windows Wireless Networks list where the slobbering masses can see it and try to connect)

Forgot: Change the default SSID!!! The SSID can often tell hackers clues about the router brand, the ISP, and even the serial number. Changing it does more for anonymizing you than hiding it. Assuming you're not making it into your full name or SSN.

Bottom line, WPA-PSK (esp WPA2) with a good key is about as robust as you can get for home use. If they are as capable and determined to crack that, none of the other Mickey Mouse security is comparable. As people have pointed out, they don't ship WPA default because of backward compatibility issues with all the old WEP crapola.
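The checklist in the reply above, written out as an added example (not part of the original comment thread): it derives the WPA/WPA2-Personal key from passphrase and SSID with PBKDF2-HMAC-SHA1, and audits a home configuration while giving no credit to MAC filtering or a hidden SSID on their own. The config schema, the finding codes and the SSID prefix list are assumptions made for illustration.

```python
import hashlib

# SSID prefixes of vendor/ISP defaults named in this thread (illustrative, not exhaustive).
DEFAULT_SSID_PREFIXES = ("netgear", "belkin", "linksys", "dlink", "bthomehub", "sky")
MIN_PASSPHRASE_LEN = 20  # the "20+ chars" suggested in the reply above


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal 256-bit key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("a WPA passphrase is printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("an SSID is 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def audit(config: dict) -> list:
    """Return finding codes for a home Wi-Fi configuration (hypothetical schema)."""
    findings = []
    mode = config.get("encryption", "none").lower()
    if mode == "none":
        findings.append("NO_ENCRYPTION")
    elif mode == "wep":
        findings.append("WEP")
    elif mode in ("wpa", "wpa2"):
        if mode == "wpa":
            findings.append("PREFER_WPA2")
        if len(config.get("passphrase", "")) < MIN_PASSPHRASE_LEN:
            findings.append("SHORT_PASSPHRASE")
    else:
        findings.append("UNKNOWN_ENCRYPTION")
    if config.get("ssid", "").lower().startswith(DEFAULT_SSID_PREFIXES):
        findings.append("DEFAULT_SSID")
    if not config.get("admin_password_changed", False):
        findings.append("DEFAULT_ADMIN_PASSWORD")
    # MAC filtering and a hidden SSID do not count as protection on their own.
    cosmetic = config.get("mac_filter") or config.get("hidden_ssid")
    if cosmetic and mode in ("none", "wep"):
        findings.append("COSMETIC_ONLY")
    return findings


# Constructed sample configurations.
WEAK = {"ssid": "BTHomeHub-1234", "encryption": "wep", "mac_filter": True,
        "hidden_ssid": True, "admin_password_changed": False}
STRONG = {"ssid": "example-home-net", "encryption": "wpa2",
          "passphrase": "constructed sample phrase 4 demo",
          "mac_filter": False, "hidden_ssid": False,
          "admin_password_changed": True}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit(cfg) or "no findings")
    # The SSID salts the key: one passphrase gives different keys on different SSIDs.
    phrase = STRONG["passphrase"]
    print(derive_psk(phrase, "example-home-net").hex())
    print(derive_psk(phrase, "NETGEAR").hex())
```

Because the SSID is the salt, a changed SSID also changes the derived key for the same passphrase, which is a second reason to follow the "change the default SSID" advice.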

@Mark Otway 

Posted Wednesday 16th April 2008 02:08 GMT

The reason routers don't default/force people to be secure is because of resulting tech support costs.

By defaulting to no security (as all devices I have purchased do), they make the installation easy. If someone gets into trouble they can just poke the "factory reset" thingummy and generally get going easily.

As others have noted, many/most home setups just run unsecured networks.
