boards.ie on front page of Irish Times: “Security flaw leaves Eircom customers open to hackers”

From http://www.ireland.com/newspaper/frontpage/2007/1002/1191223002351.html:

Security flaw leaves Eircom customers open to hackers

John Collins

Up to a quarter of a million Eircom customers could be inadvertently sharing their broadband connections with strangers due to a security flaw in products supplied by the telecoms company.

The security problem could allow hackers to access wireless connections in buildings up to 30m (100 feet) away, without the knowledge of the Eircom account-holder.

As well as allowing free access to the internet, the flaw could in theory permit a hacker to engage in illegal activity that could then be traced back to the Eircom customer.

The problem relates to broadband routers, supplied to Eircom by Motorola subsidiary Netopia, which can connect computers to the internet via Wi-Fi, a wireless technology commonly available on the average PC.

Due to the way security has been implemented on these products, hackers and anybody with a reasonable computer knowledge can freely use them to access the internet.

The wireless routers use a security protocol called Wired Equivalent Privacy (WEP). This protocol requires anybody accessing the wireless network to enter a 16-digit password.

This code is generated from the serial number of the router as well as some text which is converted to numerical values.

The text used includes eight snippets of lyrics from guitar legend Jimi Hendrix.

The security problem occurs because the unique eight-digit number that is broadcast as the name of the network is also derived from the serial number.

As a result hackers simply have to look at the name of the Eircom network to get access to it. Both downloadable tools and websites have emerged which automatically create the 16-digit key when the network name is keyed in.

Eircom issued a statement yesterday saying it is aware of the issue and is contacting all affected broadband customers.

The Netopia routers in question are the 3300 and 2247 series.

Users who have changed the default setup are unaffected by the problem.

All new modems sold by Eircom will have instructions on how to change the default WEP key while existing customers are advised to visit www.broadbandsupport.eircom.net for instructions.

Eircom pointed out that accessing wireless networks without permission is a criminal offence under the Criminal Damage Act 1991 and the Criminal Justice (Theft and Fraud Offences) Act 2001.

The problem was first revealed on a post to the popular Boards.ie discussion website over the weekend.

“This raises a number of issues, not least that my neighbour could use my broadband connection,” said Brian Honan, a director of security specialists BH Consulting.

Mr Honan said unauthorised users could use a wireless network to download illegal content or even to access other computers in the premises or home.

Motorola, whose subsidiary supplies the routers, declined to comment on the matter.

(Aside: As you can expect, we had a busy day on boards.ie today, necessitating a database server restart at one stage when our web node requests became too much for our database to handle. But you may have seen in my recent presentation about boards.ie that we are purchasing a new database server to help resolve this limitation. The story also made it onto The Register via ENN.)
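The flaw the article describes is that the broadcast network name and the default key are both computed from the same serial number. The following is an added example, not code from the article, Eircom or Netopia: it tests a provisioning scheme for that property and contrasts it with a randomly generated key. The derivation, constants, fixed text and serial range are constructed stand-ins, not the vendor's algorithm.

```python
import hashlib
import secrets

# Constructed stand-ins; NOT the vendor's algorithm, constants or text.
FIXED_TEXT = b"constructed-filler-text"
SSID_OFFSET = 4321

def ssid_for(serial: int) -> str:
    """Toy network name: eight digits computed from the serial number."""
    return f"{(serial + SSID_OFFSET) % 10**8:08d}"

def derived_key(serial: int) -> str:
    """Toy default key: 16 digits computed from the serial plus fixed text."""
    digest = hashlib.sha256(str(serial).encode() + FIXED_TEXT).digest()
    return f"{int.from_bytes(digest[:8], 'big') % 10**16:016d}"

def random_key(serial: int) -> str:
    """Hardened alternative: 16 digits from the OS CSPRNG, unrelated to the serial."""
    return f"{secrets.randbelow(10**16):016d}"

def keys_per_ssid(keygen, serials, rounds=3):
    """Provision each device several times; collect the keys seen per network name."""
    seen = {}
    for _ in range(rounds):
        for serial in serials:
            seen.setdefault(ssid_for(serial), set()).add(keygen(serial))
    return seen

def key_fixed_by_ssid(keygen, serials) -> bool:
    """True when every broadcast name always maps to one key, i.e. the key
    holds no secret beyond what the device already broadcasts."""
    return all(len(keys) == 1 for keys in keys_per_ssid(keygen, serials).values())

SAMPLE_SERIALS = range(10_000_000, 10_000_200)  # constructed sample of serials

if __name__ == "__main__":
    print("derived key fixed by SSID:", key_fixed_by_ssid(derived_key, SAMPLE_SERIALS))
    print("random key fixed by SSID: ", key_fixed_by_ssid(random_key, SAMPLE_SERIALS))
```

A scheme that passes `key_fixed_by_ssid` gives every device a default key that anyone who knows the algorithm can recompute, which is why changing the default key removes the exposure.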

6 Responses to “boards.ie on front page of Irish Times: “Security flaw leaves Eircom customers open to hackers””


  1. James

    Any estimate on how many extra hits it brought? I didn’t think it would affect you too badly because they call it simply “Boards.ie” so it gets no auto-linking on Irish Times or The Register, etc., so people have to manually type in “boards.ie” into their browsers.

  2. Conor

    On a slightly unrelated note, ever considered taking Sun up on their free 60 day trial of their hardware to see if any of it can help scale boards?

  3. Cloud

    James: Will check tomorrow when Analytics has its full stats for the day…

    Conor: I’m not sure, but I think it’d be a pain to move to a new platform, test, and then have to roll back if it didn’t work out…

  4. Conor

    Actually Sun have moved into the standard server area. You can get a box with Dual Opterons and 32Gb of RAM and run Linux on it.

  5. Cloud

    Cool - the server switch would be something we couldn’t probably do on the live site though, and then we wouldn’t be able to fully evaluate the performance effects.

    The stats for yesterday were actually about normal for a Tuesday (we had 40,523 absolute unique visitors).

  6. sirwallis

    this security flaw can be avoided for the eircom wep key generator
    (this script works on nokia n95 phone Wooo lol )
    rename your broadcast name
    turn off your router when not in use
    password protect your router to stop it being hijacked
    as a security test on mine i set up a few servers // www/ftp/php/mysql/mail/ all of them worked easy i did this just to see how easy it was to get access to my connection without access to it from the start, this had me freaked.
    however, all wep keys can be broken
    airodump_ng
    airoplay_ng
    aircrack

    wifi in general is weak
    simple solution
    turn it off when not in use
    crackers won't bother using it if it's not there in their time
    also if you're thinking, only allow certain ip addresses / mac addresses to be allowed access this also is a flaw as they can be faked and passphrases can be broken lol
    wifi is a lost battle for now
    i have tried all the above and have broken them all it's a joke.
    but then again wifi makes life so damn easy no ******* wires

    dublin guy oliver bond flats

    Muuhahhahahahahah
