IT Business

Wi-Fi security warning for BT Home Hub users

Researcher points finger at default encryption keys

By Jeremy Kirk | Published 14:28, 14 April 08

A security researcher claims to have found a significant weakness in the wireless encryption of a BT Home Hub DSL home gateway made by Thomson.

Exploiting the weakness could enable someone to connect to a victim's Wi-Fi router for malicious purposes such as snooping on their internet traffic or hacking other machines using the same network, according to GNUCitizen, a group of blogging security researchers.

Also in this channel

‘Secure’ Wi-Fi encryption standard is crackedWi-Fi Protected Access (WPA) set to be hackers' new target >>
How to hack WPA wireless security in one minuteSwitch to WPA2, users urged >>
Understanding WPA2Getting to grips with wireless security >>
Is WEP ever enough?How insecure is Wired Equivalent Privacy? >>

Virtualisation, Big Data and BYOD

Check out our Business IT Hub for opinions and briefings. Read more

BT's Home Hub ships with default encryption keys to encrypt wireless network traffic using either WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access).

Router manufacturers use an algorithm to generate those WEP and WPA default keys, wrote Adrian Pastor, one of the GNUCitizen's researchers, on their blog. But the algorithm is predictable and only creates a limited number of easily-guessed keys, Pastor wrote.

"Chances are that if you own a wireless router which uses a default WEP or WPA key, such keys can be predicted based on publicly-available information such as the router's MAC [Media Access Control] address or SSID [Service Set Identifier]," Pastor wrote.

"In other words: it's quite likely that the bad guys can break into your network if you're using the default encryption key," he wrote.

Pastor wrote that the information was passed to GNUCitizen by Kevin Devine, who has previously done research into wireless security. Using a software tool built by Devine in addition to information already known about the router, it's possible to come up with 80 possible default encryption keys for WEP, Pastor wrote. Devine created another software tool to try each of those keys on the router until the valid one is found.

The attack worked on three different BT Home Hubs, Pastor wrote. The researchers, however, are not publishing the software tools used in the attack.

But BT Home Hub users can take two steps to avoid this kind of attack: Change the default encryption key, and also opt to use the WPA standard, which is considered stronger encryption than WEP.

BT did not have an immediate comment.

Slideshows: Google London Campus - Inside the incubator for tech startups

Also in slideshows :

Access Computerworld on your mobile

Get the latest news & updates from Computerworld UK on the move. Find out more

Windows 8

Check out our latest articles on Microsoft's next-generation operating system.

Accelerate Your IT Efficiency

View the latest capacity management resources including whitepapers, videos and news.

Latest Slideshows

Click here to view all our slideshows.

Government launches GrowthAccelerator for entrepreneurs

New £200 million scheme to help grow UK start-ups

Nasdaq's Facebook glitch came from race conditions

Nasdaq may pay out as much as $13 million due to a hard-to-find software bug

UK Facebook hacker jailed for 8 months

IBM Watson mastermind says future computers will be constant learners

Mobile network 3 calls on government to lower Europe data roaming charges

Blogs

IT - Helping the business deliver marketing through efficient customer analytics, at scale

How can the CIO deliver analytics to help marketing drive sales?read more »

Ian Watmore's departure - a personal view

Ian Watmore, who leaves the civil service next month, has his critics, David Moss among them. For me Watmore's time in the civil service has been marked by openness, honesty and a lack of ego. Many times he has been before Parliamentary...read more »

Governing business demand

Data management is essential in extracting maximum business valueread more »

Visualise value and then industrialise it

I was speaking to a COO the other day about the drive to deliver BI projects in short timescales. "That’s fine," he said. "But I’ve never known IT to deliver a project in six weeks."This underlined to me one of...read more »

more blogs ..

Cumbrians lose broadband after public subsidy cut

Infrastructure >>

Burberry points to benefits of tech in strong annual results

Applications >>

Cheap tablets sees Lenovo shipments grow in China

IT Business >>

EU data protection regulation and cookie law - Are you ready?

Security >>

De Vere hotels consolidate online brands through private cloud

Cloud Computing >>

Windows 8 touchscreen devices to be priced higher, Dell says

Operating Systems >>

Slideshows
White Papers
Videos
Newsletters

Login

Please login to ComputerworldUK.com

Forgot password?

Not a member yet?

Register for a Computerworld UK Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.
Register

HP Business Answers

Join the discussion today

The HP Business Answers group is a vibrant community of small and medium sized business owners and employees. HP provides independent and expert advice in fields such as design, branding, taxation, technology, marketing or manufacturing so join today to network with over 6500 like-minded professionals.