[RTE] Security flaw in Eircom wireless service (1 Viewer)

[pete]

http://www.rte.ie/news/2007/1002/eircom.html

what's this all about then? are they still shipping routers with no encryption enabled & default passwords?

 

[pete]

eircom takes all issues relating to security of its products and services very seriously and it is our absolute priority to help our customers optimise wireless security on their broadband connections.

eircom distributes Netopia wireless modems to broadband customers enabled with wireless security by default. The security standard used is called Wired Equivalent Privacy (WEP) and provides customers with a simple and easy-to-use level of security.

For ease of use a default WEP key is provided based on the serial number of each modem, although customers can change this WEP key manually. This is the same method of security provided for other international operators using Netopia routers.

eircom was recently made aware of a potential wireless access security issue with the Netopia Wireless modems. A possible vulnerability with the standard configuration or default setting of the WEP protocol was identified. This vulnerability makes it possible for a person with an advanced working knowledge of encryption and coding techniques to illegally access an eircom customer’s Internet connection. However, when a customer generates their own unique WEP Key or password and does not use the default setting, this security risk is removed.

hmm

 

[pete]

oh dear

The information I was given included a very short piece of computer code (in C++) that takes an Eircom default SSID as input and effectively instantly gives the default WEP key as output. The algorythm to do this is shockingly and frighteningly trivial. The author claims he was able to generate this code using some very basic reverse-engineering techniques on the Eircom install CD.

http://www.bartbusschots.ie/blog/?p=511

 

[Johnnyc]

Good old Eircom. I remember when they got hacked a couple of times back in the dial-up days. Their homepage was taken down by some Krazy hakkerZ. Some dude also hacked their database and they had to change every single customers password over night.

I know zip about routers etc. but don't most routers just have "admin" set as password by default?

 

[Bladez]

oh dear



http://www.bartbusschots.ie/blog/?p=511

Wait...so the WEP key is a simple function of the network ID? Thats fairly retarded. And the majority of customers are without doubt running the default configuration and won't be aware of the problem.

 

[Bladez]

But I suppose because WEP can be cracked so easily anyway it makes little difference. If someone wishes to access a network with WEP encryption they will be able to with/without this flaw. I guess this just makes it easier.

Surely Eircom have some sort of security team/advisors. How could they make this kind of error?

 

[Theseus Mock]

ha!

My anonymous source assures me he has not released this code into the wild but points out that if he can generate it others can too and someone probably already has. Others who also reverse engineer the install CD may not be as morally upstanding as my source claims to be.

.

http://s4dd.yore.ma/eircom/

 

[Theseus Mock]

Wait...so the WEP key is a simple function of the network ID? Thats fairly retarded. And the majority of customers are without doubt running the default configuration and won't be aware of the problem.

apparently a function of the ID plus some jimi hendrix lyrics. anyone know which ones?

 

[broken arm]

i ran my WEP on the DFA router using a DP code i ripped from the PPSA- all was AOK except on the PDA.

 

[RSJ]

When i moved into my last gaff they didn't know what the password for the NTL wireless was, so i logged into it (http://192.0.0.2 or something fairly default, admin/admin) and had it within seconds. Used the same thing to get into the neighbours NTL in another gaff, could have changed the settings to lock them out if i wanted. I don't think any of these companies set these things up particularly safely.

 

[Bladez]

apparently a function of the ID plus some jimi hendrix lyrics. anyone know which ones?

Although your world wonders me,

http://h1.ripway.com/kevindevine/wep_key.html

 

[pete]

When i moved into my last gaff they didn't know what the password for the NTL wireless was, so i logged into it (http://192.0.0.2 or something fairly default, admin/admin) and had it within seconds. Used the same thing to get into the neighbours NTL in another gaff, could have changed the settings to lock them out if i wanted. I don't think any of these companies set these things up particularly safely.

ntl are fuckers for this. i don't know which is worse - that, or leaving remote admin enabled with default passwords.

 

[FERGLOR]

was just on 9pm news. apparently i'm a "hacker" now..

 

[Wayne]

WEP encryption shouldn't really be used these days as it can be cracked in a couple of minutes. All you need is a free scanning tool for monitoriing the encrypted data in order to grab the key. This has been the case for about 2 years now.

http://www.heise-security.co.uk/news/87889

You should really be using WPA encryption by default with a good password that you set up yourself. And also change and don't braodcast your SSID. Turing on the mac filter is a good idea too.

The problem is that the guys coming out to do these installation don't really understand it themselves and leave the router in an unsecure state. They set it up with the most basic WEP encryption then leave the thing broadcasting its SSID for the whole world to see. At the moment it isn't such a big deal as there are still lots of completely open networks out there and there's no point in having to crack WEP. But as this changes, the type of encryption and how it is set up will become more important