Home routers and security flaws

Posted Oct 11, 2007 1:39 UTC (Thu) by jwb (guest, #15467)
Parent article: Home routers and security flaws

I would have to say that these attacks are the least of the worries I have about the telco's home routers. The most widespread telco-supplied home router is the 2Wire wireless access point and DSL modem. Each of these is shipped with a 56-bit WEP key, which is written on the bottom of the router. The user does not have the password for the router, because it's kept secret by the telco's support group, so the user can't upgrade to 128-bit WEP or WPA or do any other thing. It is trivial to crack the 56-bit keys in these things. It can be done by any hacker in less than 10 seconds.

This is the access point that AT&T supplies to all their DSL customers, so this piece of junk is very, very popular.


Home routers and security flaws

Posted Oct 11, 2007 11:26 UTC (Thu) by nix (subscriber, #2304)

Yeah, but BT's goal is eventually to get a BT Home Hub into the house of everyone with a telephone line or a TV. That's basically *everyone* in the UK.

Home routers and security flaws

Posted Oct 11, 2007 13:45 UTC (Thu) by tialaramex (subscriber, #21167)

I am very dubious about this "less than 10 seconds" remark.

My impression after trying WEP crackers on friendly networks was that they weren't very effective. No doubt the possibility that a determined and resourceful attacker would eventually succeed in obtaining your WEP key is a valid threat model, and I agree it would be better to upgrade to better technology where possible, but "10 seconds" doesn't match my experience.

I spent several days monitoring active (and friendly) business networks with tools that made these sorts of claims, and in each case they failed to retrieve a workable key. In that time I learned several things relevant to the "10 seconds" claim.

• You can't crack a network that's idle. The beacon packets are plaintext, so you're reduced to just guessing keys and trying to connect; there are 2^56 keys, so that's not viable even if no-one notices your billions of failed attempts.

• Crackers are mostly looking for "weak IVs" which are an implementation error in early APs. If your AP doesn't spit out lots of weak IVs then your WEP implementation will take much longer to crack.

• Although having more eavesdropped data available improves the performance of the cracking software, it isn't linear, so collecting data for twice as long won't halve the time taken to guess a key.

• The attack is probabilistic, so sometimes it won't work and the only way to know why would be to start with the real key value, and if you had that (which I did) then attacking WEP is only an exercise.

Home routers and security flaws

Posted Oct 11, 2007 15:46 UTC (Thu) by fatrat (subscriber, #1518)

Look at modern WEP cracking tools that use one card to generate suitable packets and another to crack.

Home routers and security flaws

Posted Oct 11, 2007 15:49 UTC (Thu) by jwb (guest, #15467)

This particular router/access point has every weakness you mention. I can literally get the keys while walking past one with nothing more than a laptop in a bag and a copy of aircrack-ng. I have lists of hundreds of them from all over San Francisco.

Home routers and security flaws

Posted Oct 11, 2007 15:53 UTC (Thu) by leoc (subscriber, #39773)

Those 2Wire modems have far larger problems, primarily the fact that they don't really work. I've had two of them and neither of them would hold a signal for more than an hour or two.

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds