Default wireless security key can be figured out on BT Home Hub
Wednesday 23 April 2008 18:44:07 by Andrew Ferguson
As one of the most commonly used wireless modem/router devices in the UK it is perhaps no surprise to see that a group has found out a way of figuring out the default security key on the BT Home Hub.
Digital Lifestyles carries a statement from BT on the possible security problem. It should be pointed out that the advice given applies to all wireless routers.
"We are aware of this problem, although we don’t believe that any customers have been affected.
It’s important to realise that although it has been possible to demonstrate a scenario where the hub may be vulnerable, we don’t believe it is something that should affect the majority of BT customers in real life.
Customers with enquiries on how to further protect their network will be directed to www.bt.com/help/hub, which gives detail of a number of precautionary actions that can be taken to help increase their on-line security. These include:
- Changing the default wireless key and the encryption type from WEP to WPA.
- Changing the admin login password of the Hub Manager. Leaving the Hub switched-on at all times, including overnight to benefit from firmware updates as they become available.
- Having AV and firewall software installed on all computers.
- Being wary of unknown web sites and e-mails from unknown sources, including invalid security certificates."
Statement from BT on Home Hub security
It would appear the risk only arises if someone knows the serial number for your BT Home Hub, which suggests they have physical access to the router, at which point other security issues are probably more of a concern, e.g. what is this person doing in your home. For shared households this may be an issue if one housemate is not suppossed to be using the connection.
Using WPA encryption (or WPA2 if available) for your wireless network is the preferred system and unlike WEP does not require complicated hexadecimal strings (i.e. just characters A to F and digits 0 to 9), but remember to use something that is unique and not guessable, so avoid things like your address, phone number, birth dates.
Digg this
Add to del.icio.usComments
With our neighbours consent I tested the vulnerability on their router. This vulnerability works. There are 3 more Homehubs on this street and they're all vulnerable too.
There is no requirement to know the serial number, all that is required is to know the format of the serial numbers.
As an aside Be users will note that there is a sticker on their router that says "SSID=Bebox". Under that sticker is the default SSID which, as detailed on gnucitizen.org (the original source of this info), if used will result in the Bebox (ST780WL) becoming vulnerable too.
Oh and since the KEY is compromised it makes no difference what the encryption algorithm is. Important to hammer that point home. WPA/WPA2 is just as vulnerable to this as WEP.
It's not as if it would take long to crack a WEP key anyway, there's plenty of free software out there to do it for you.
...And people wonder why I don't trust BT over in the FON post, eh.
It's not really about BT though - It's about the way Thomson (and others) generate keys on their boxes.
I'm struggling with what the best solution is to this, as wireless connections is still one of our biggest support call generators. Certainly my view is that one of the WPS deployments seems like the best idea going forward.
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
I imagine this story will push up the priority of implementing that across the industry.
That wikipedia page is clear as mud, Ian.
So... it's a standard protocol for the formerly vendor-specific router "easy setup" methods. Useful for the less tech-minded I'm sure.
Well, it's the less tech minded who buy most of our products and use most of our support, so giving them something simple yet secure is the answer.
Quite a lot of new routers seem to have the button, but it doesn't yet do anything in most cases. I've used the AVM Fritzbox USB key thing, and that seemed quite easy, but it must add some expense.
Ian
Oh yea, I'm not knocking the concept, just that awful wikipedia page.
The only easy-setup I've tried which has worked was that on a late-model WRT54G.
I have an interesting question, I have just changed from WEP to WPA-PSK on the Homehub. My speed is down to it's normal 700k at this time of night but the response from my computer is far faster than normal.
Why would this be? I didn't think the encrption would have any effect on the wireless speed, is it less prone to data corruption giving me a better speed?
Strangely, I was thinking about this the other day and wondered how BT and others did that - I came to the conclusion that it would probably be an algorithm based on some identifier that is broadcast in the clear, perhaps the MAC address of the WLAN?
Anyway, I would always recommend using WPA and create a password from a website like www.goodpassword.com