Eircom users open to hack attacks
p2pnet news view Security | WiFi:- On its web page, “broadband without boundaries,” promises Motorola.
The trouble is, one of its products, Netopia, is apparently providing WiFi almost without boundaries to hackers in Ireland.
Eircom, Ireland’s largest ISP, has just agreed to disconnect its own users accused by Warner Music, EMI, Vivendi Universal and Sony BMG of being file-sharers.
Now Eircom customers are at risk of having their Net connections chopped because of a security hole in some of the Netopia WiFi routers it uses.
The flaw makes it child’s play for war-driving hackers to hijack older Netopia 2247 and 3300 WiFi routers and, hence, some Eircom accounts.
‘Huge security risk’
Motorola bought Netopia in 2006 and, “I always had concerns about Eircom’s default set up for their wireless broadband routers ever since one of my clients asked me to set one up for them,”" says an October 2007 post on Tom Doyle :: TALK, going on:
“When you get a wireless router from Eircom, you are also given a disc which has a program on it to help you generate your WEP key. With the program loaded on your computer, you simply enter the serial key on the side of the router and bang, you have the WEP key – to write down and take away.
“In my mind, this is a huge security risk.”
Said Bart Busschots a month earlier, “I had heard complaints from people in the past that Eircom didn’t seem to do the whole security thing properly at all,” going on:
“I guess I just hopped they’d have sorted themselves out by now. They haven’t. I’m not sure if it’s down to incompetence or just not caring about their customers, but, in my book there are no valid excuses for leaving your customers exposed.”
Given its current arrangement with the Big 4 labels, customer care doesn’ t appear to be high on its list of priorities and Busschots continued »»»
Currently each Netopia router shipped by Eircom has two pre-programmed settings that distinguish it from every other Eircom Netopia router out there. These are the SSID (the ‘name’ for the wireless network) and the WEP key. Both are somehow pre-generated and added to the router’s configuration before shipping. If the information I have been sent is correct there is a fatal flaw in the way these two settings are generated.
They are both apparently derived in a simple way from the router’s serial number and given JUST the SSID (which is BROADCAST by the router) you can apparently easily calculate the default WEP password. This means that if you follow Eircom’s instructions and leave it at that the name your wireless network is broadcasting contains all the information an informed attacker needs to access your supposedly private and protected network.
Update (02 Oct 2007): As has been pointed out in this thread on boards.ie the serial number which is used to generate the WEP key can be derived from the MAC address of the router so changing the SSID is not a protection. As long as WiFi is enabled the MAC address can be sniffed and hence the default WEP key generated.
Fast forward to 2009 and, Sean Byrne, who lives in Ireland told TorrentFreak, “There are lots and lots of existing WiFi signals that are open to this exploit. I’m located in Galway city, there are several ‘Eircom*** ***’ SSID’d networks located in the city that are open to this.”
Even now, “It’s like free communal WiFi on tap,” the story has Byrne saying, “most places you travel in Ireland will have an Eircom WiFi signal.”
Adds TorrentFreak:
“Although WEP security should be avoided if at all possible, some devices (particularly older ones) rely on it. Short of changing the WEP keys, this particular exploit can be defeated by simply changing the network’s SSID.
“That said, we expect the same people who ignored or missed Eircom’s advisory the first time round will more than likely take the same action as they did back then – i.e very little. In the meantime, thanks to Eircom’s deal with the music industry, anyone in this position can have their connection used by an unauthorized file-sharer, and along with that the prospect of being accused of something they haven’t done.
“Equally, anyone with one of these routers could simply claim they have been the victim of a hacker and Eircom would have to believe them. I’m sure we’ll be hearing more about this situation before long.”
Stay tuned
disconnect its own users – Eircom caves in to Big 4 labels, January 29, 2009
Tom Doyle :: TALK – Eircom netopia wireless router hack, October 1, 2007
Bart Busschots – Eircom Exposes Its Broadband Customers to Serious Security Risks, September 11, 2007
TorrentFreak – Eircom Customers Wide Open to Erroneous Disconnection, February 2, 2009
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.
March 6th, 2009 at 9:38 am
This article in ‘The Kerryman’ explains that even though WEP security is changed – a Hacker may already have compromised the system (prior to upgrading from default WEP settings) and opened a ‘Backdoor’
“Your computer is at the mercy of hackers”
By SIMON BROUDER sbrouder@kerryman.ie
Wednesday March 04 2009
GLARING security problems, with potentially massive legal ramifications, still exist with Eircom wireless broadband services a year and a half after they were first raised with the company, The Kerryman can reveal.
In September 2007 computer hackers released a simple programme which allows anyone with a wireless enabled laptop to hack into domestic Eircom broadband accounts and anonymously surf the internet.
Eighteen months on and hackers are still using the programme and can park outside a house and, within seconds, access a secure wireless network and download all manner of material, including pirated music and movies or other illegal materials.
Computer records will show that the material was downloaded to the innocent party’s computer and the hacker can easily erase any evidence that they had illegally accessed the computer.
This week The Kerryman accompanied a computer expert to several locations in the greater Tralee area and watched as they hacked into five separate Eircom accounts, both domestic and business, using just a basic €600 laptop and the easily downloaded, freely available, computer programme.
The programme exploits weaknesses in the default security settings Eircom uses with its ‘Netopia’ wireless modems. Eircom broadband users are provided with a default Wireless Equivalent Privacy (WEP) key, the equivalent of an ATM card pin number, which is designed to prevent others accessing their networks.
The problem arises because the default WEP key, which is created using a simple mathematical formula, is based on the modem’s serial number.
Computer owners can guard against hackers by manually changing their WEP key, Eircom’s website contains advice on this, but anyone using the default WEP setting provided by Eircom is vulnerable.
If the default WEP is in use a hacker can, as demonstrated to The Kerryman, view all account details relating to the broadband account, erase all evidence of their presence, remove security firewalls, block the account holder from accessing the internet and potentially access private files held on the computer.
So-called back doors into ’secure’ Eircom broadband networks can also be created allowing hackers access at a later date, even if the security WEP code is changed.
Though Eircom advised customers of the problem in October 2007 many of the company’s customers remain unaware of the danger and have not upgraded their broadband security to deal with the threat.
In its advice to customers Eircom said that only “a person with advanced working knowledge of encryption and coding techniques” could exploit the security loophole.
However, according to the computer expert who demonstrated the technique to The Kerryman, the system is vulnerable to anyone with even a basic understanding of computers.
“You can park in any estate, use your laptop to search for wireless networks and then use the programme, which only needs you to enter an eight digit code that’s part of the network name, to access the internet and even access private files on a PC. It takes seconds,” they said.
According to Tralee Solicitor Pat Mann the situation could have major legal ramifications.
“It’s a highly dangerous situation and it could definitely be used as a defence in court,” he said.
Mr Mann said that in a court case involving a serious computer crime, such as downloading child pornography, a computer expert could easily be brought in to prove that an accussed’s computer may have been compromised using this method.
Eircom is aware of the problem and notified customers when the issue first arose. The company’s says its top priority is to help customers minimise any wireless security risks on their broadband connection. Advice on upgrading the security of an Eircom broadband connection is available at http://www.eircom.net/wirelesssecurity.
- SIMON BROUDER sbrouder@kerryman.ie