Eircom wireless security flaw revealed A serious security flaw has been uncovered in certain models of wireless broadband routers supplied to up to 250,000 of Eircom's residential and business customers. The flaw allows the security encryption of an Eircom wireless network to be bypassed by outsiders, who can then "piggyback" on a customer's internet connection. In …
Two things about this story:
1) First, eircom are in ass-covering mode here - it does NOT require technical knowledge to exploit this hack. Search for "eircom wep serial" on google and you are but a couple of clicks from a web page that can be used to retrieve the wep key, just by typing in an eircom-supplied router's SSID
2) The 'Meta-Story' here should be about just how insecure WEP is anyway - Eircom can't be lashed over the back because of that - but they are guilty of trying to be too smart in enabling WEP by default on customer routers (whereas other BB providers can at least wash their hands of this since they don't switch on wireless out of the box).
With a couple of cheap wifi cards with the right chipsets in them, the Backtrack 2 live CD (http://www.remote-exploit.org/backtrack.html) will make mincemeat of WEP protection, grabbing the key in around 15 minutes. If someone is clued up enough to take advantage of the Eircom vulnerablity, they will be clued up enough to crack the key anyway.
If you're planning on getting a pre-configured router, such as BT Home Hub, ask if it supports WPA. If it only supports WEP you leave yourself open. Ask the provider to give you a statement in writing that they will cover any losses as a result - that tends to focus their minds a bit.
"Eircom's director of communications Paul Bradley defended the protocol, however, saying "WEP is an industry standard protocol used by telecoms providers around the world.""
---
They need to fire him then, because everyone knows WEP is a _broken_ protocol, and MAC filtering is _inefficient_
I've just been giving advice to someone who has already bought a BT Home Hub - WEP only, no mention of WPA anyware in the user guide. The I saw the email account default password: "Welcome1". Words fail me.
These products are sold to the great unwashed and really should be far more secure out of the box. At least give them the option to change the defaults easily.
<Cynic>
Or does this mass insecurity prop up the entire anti-malware industry and keep BT's £50 home visit business in profit.
</Cynic>
I'll get my tin foil hat
A family member recently got cable broadband from NTL (now UPC) in Dublin. I was astonished to find that the cable modem provided by NTL isn't a NAT router - their Win2K laptop was running with a public IP address, and no firewall. At least a NAT router protects from inbound attacks - I thought the whole concept of not providing users with NAT routers died out in the 90's!
Read this witter from the suppliers, Netopia, as to why.
http://www.netopia.com/technologies/3d_reach.html
Motorola's 3-D Reach technology delivers superior wireless RANGE, performance, and coverage using a combination of antenna tuning, advanced radio technology, INCREASED TRANSMIT POWER, and improved receive sensitivity.
Advanced radio technology found in 3-D Reach delivers up to DOUBLE the wireless reach of competitive products, while improving network robustness using unique techniques that minimize interference from products like microwaves, cordless phones, and neighboring wireless networks.
0wn3D*2
Ok- so Eircom screwed up.
I had one of their routers- I disabled wireless and whacked a 3Com firewall on it before I ever enabled it. It was fine until a few Intel engineers started to rent the house next door and my monthly usage went over 200Gb overnight (I really should have gotten copies of whatever they downloaded!)
As everyone has said- WEP is dated. War-driving may be out of vogue, but when you could crack a 128 bit WEP connection in under 10 minutes on an antique laptop surely the writing should have been on the wall......
Far from Eircom contacting customers to help close their insecure routers- its a totally pointless exercise. How many of their customers are going to log into their routers to change settings? Very very few...... Short of taking a hit and replacing the 234,000 wireless routers they shipped- there are going to thousands upon thousands of these routers sitting there for years to come.
Why bother cracking an Eircom router anyway- when there are so many totally unsecure networks just sitting there? From where I am sitting with my laptop writing this there are 5 wireless routers available- 2 of which are Eircom with their SSIDs on plain view, 1 is an unsecured Netgear with no security whatsoever, 1 is a Belkin secured with WPA and then there is my own and another one with security. If I wasn't an honest person that would be 50 Euro a month in my pocket from a cancelled sub to UPC.......
Eircom is today's news- tomorrow it'll be something else. I'm not going to get excited- think of all that lovely, lovely free broadband (rubbing hands in glee!) Not.....
I am Irish guy working in IT and in Ireland IT is a fully fledged joke. WEP has been insecure for years but since its Ireland apparently no one will notice. Same for everything else over here. We dont even have a proper broadband layout here just a patchwork of badly setup WANs (that are oh so easy to exploit for free internet access). I just find anything IT based over here is setup by cowboys or idiots ninety percent of the time. Suppose I shouldn't be to annoyed by them as they provide me with work fixing up their messes(and plenty of it). I give the other ten percent a pat on the back for a job well done and restoring my faith in humanity!.
I figured out the vulnerability ages ago, and had begun work on a tool to convert the SSID to serial number, and from there to WEP key. I had then planned on informing Eircom, and after that writing some articles on it, and getting my name out there as an authority on IT Sec issues. Oh well.
Its all a bit of a moot point anyway, as WEP is so easy to crack, but the way the exploit was released, I dont entirely agree with, taking the skill of getting into a vulnerable eircom wireless network out of the hands of technically adept people(and one would hope relatively ethical people), and into the hands of the script kiddies. Current wep cracking techniques do take an element of expertise. Sure the code is easily available, but you need a linux box to run aircrack(injection afaik is not available on windows), then you need to install it, configure it, make sure your card is compatible, possibly recompile your kernel etc. I know to any semi experinced Linux geek its nothing, but it is a barrier for the Skiddies. Now, all they need to do is, as someone said, type in eircom ssid thingy, and they have access. Coming from Ireland aswell, the level of IT expertise in this country is ridiculous. As Anonymous Vulture, said 90% are cowboys, and its true. thousands of people will be vulnerable to this problem for years to come. Handing it to the skiddies was not what I would have done. Rant over.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
