Default wireless security key can be figured out on BT Home Hub
As one of the most commonly used wireless modem/router devices in the UK it is perhaps no surprise to see that a group has found out a way of figuring out the default security key on the BT Home Hub.
Digital Lifestyles carries a statement from BT on the possible security problem. It should be pointed out that the advice given applies to all wireless routers.
"We are aware of this problem, although we don’t believe that any customers have been affected.
It’s important to realise that although it has been possible to demonstrate a scenario where the hub may be vulnerable, we don’t believe it is something that should affect the majority of BT customers in real life.
Customers with enquiries on how to further protect their network will be directed to www.bt.com/help/hub, which gives detail of a number of precautionary actions that can be taken to help increase their on-line security. These include:
- Changing the default wireless key and the encryption type from WEP to WPA.
- Changing the admin login password of the Hub Manager. Leaving the Hub switched-on at all times, including overnight to benefit from firmware updates as they become available.
- Having AV and firewall software installed on all computers.
- Being wary of unknown web sites and e-mails from unknown sources, including invalid security certificates."Statement from BT on Home Hub security
It would appear the risk only arises if someone knows the serial number for your BT Home Hub, which suggests they have physical access to the router, at which point other security issues are probably more of a concern, e.g. what is this person doing in your home. For shared households this may be an issue if one housemate is not suppossed to be using the connection.
Using WPA encryption (or WPA2 if available) for your wireless network is the preferred system and unlike WEP does not require complicated hexadecimal strings (i.e. just characters A to F and digits 0 to 9), but remember to use something that is unique and not guessable, so avoid things like your address, phone number, birth dates.