This is a follow-up article to my earlier article Eircom Exposes Its Broadband Customers to Serious Security Risks. If you’re following the comments on that article you’ll see that I’m trying to bring these problems to Eircom’s attention. I haven’t gotten very far yet but I’ll keep updating those comments with whatever progress I manage to make. However, there has been another development that I feel I need to bring to people’s attention. This afternoon I was anonymously sent some very interesting information regarding yet another alleged hole in Eircom’s security. I MUST STRESS THAT I HAVE NOT VERIFIED THESE CLAIMS, as to do so would involve attempting to break into someone’s network, and that’s illegal. However, should this prove to be true, Eircom has yet another problem to fix. In this article I’ll start by explaining the alleged problem, then propose a simple solution, and end with some simple advice for Eircom customers who wish to protect themselves from these security vulnerabilities.
The Alleged Problem
Currently each Netopia router shipped by Eircom has two pre-programmed settings that distinguish it from every other Eircom Netopia router out there: the SSID (the ‘name’ of the wireless network) and the WEP key. Both are pre-generated and written into the router’s configuration before shipping. If the information I have been sent is correct, there is a fatal flaw in the way these two settings are generated. Both are apparently derived in a simple way from the router’s serial number, so given JUST the SSID (which the router BROADCASTS to anyone in range) you can apparently calculate the default WEP key with ease. This means that if you follow Eircom’s instructions and leave it at that, the name your wireless network is broadcasting contains all the information an informed attacker needs to access your supposedly private and protected network.
Update (02 Oct 2007): As has been pointed out in this thread on boards.ie, the serial number used to generate the WEP key can itself be derived from the MAC address of the router, so changing the SSID is no protection. As long as WiFi is enabled the MAC address can be sniffed, and hence the default WEP key can be generated.
Food For Thought For Eircom
The information I was given included a very short piece of computer code (in C++) that takes an Eircom default SSID as input and effectively instantly gives the default WEP key as output. The algorithm to do this is shockingly and frighteningly trivial. The author claims he was able to generate this code using some very basic reverse-engineering techniques on the Eircom install CD. My anonymous source assures me he has not released this code into the wild but points out that if he can generate it others can too, and someone probably already has. Others who also reverse engineer the install CD may not be as morally upstanding as my source claims to be.
This appears to be a classic example of security by obscurity: the only thing standing between an attacker and the key is the secrecy of the generation algorithm, and that algorithm ships on every install CD. This is a fundamentally flawed approach to security and simply doesn’t work.
Proposed Solution for Eircom
Now, you might well say that since WEP can be trivially broken anyhow this is not much of an issue. There is some logic to that (a WEP key can be recovered from captured traffic in minutes without ever knowing how it was generated), but there is a little more to it. Should Eircom fix their default setup to use WPA instead of WEP but keep this key generator, users would still be vulnerable: WPA’s strength against an offline attack rests entirely on the key being unguessable, and a key that can be computed from the SSID is as guessable as it gets. The effect of this is that there are now three things Eircom must fix if they want to provide actual security to their clients:
- They must start instructing users to set a password on their Netopia routers for the reasons outlined in my previous article.
- They must change their default encryption scheme from WEP to WPA, again, for the reasons outlined in my previous article.
- They must change the way they generate their SSIDs and their default encryption keys in such a way that knowing one does not make it possible to calculate the other.
Were Eircom to ask me how they could fix this I would propose the following:
- SSIDs be generated from the serial number using a one-way cryptographic hash function such as SHA-256 (SHA-1 or MD5 would also provide the preimage resistance needed here, though neither is recommended for new designs). It is VITAL that the algorithm used be one-way so as to make it impossible to get from the SSID back to the serial number, and hence back to the WEP key, as it currently appears to be possible to do.
- Either also generate a default router password from the router’s serial number or update the instructions for users instructing them to set a password on the router themselves.
- Switch from WEP to WPA (with PSK)
You may note that I am still advocating generating the wireless encryption key from the router’s serial number. The reasoning is that the serial number is printed on the router itself, so the only way to get at it should be physical access, and if you have physical access you can reset the router to factory defaults anyhow, so you can always get in. The flaw in the current system is NOT that the WEP key is generated from the serial number; it is that it appears to be possible to get from the SSID to the serial number, and hence to the WEP key, with some simple arithmetic. SSIDs are broadcast by the router, so anyone within range of your wireless network will see your SSID. Hence, what is needed to solve this problem is to change the way the SSIDs are generated so that the step from SSID back to serial number is removed. One-way cryptographic hash functions are exactly the right tool for this: serial number to SSID stays trivially easy, while SSID back to serial number, and hence to the encryption key, becomes infeasible. Two caveats apply, though. First, a hash is only as hard to invert as its input is hard to guess: if serial numbers are, say, eight decimal digits, an attacker can simply hash all hundred million candidates and compare each against the broadcast SSID (or, with WPA, test each candidate key against a captured handshake), so the serial number would need far more entropy than a sequential counter provides. Second, as the update above notes, the serial number can reportedly also be derived from the router’s MAC address, which is broadcast whenever WiFi is on; if that is so, the serial number is not secret at all, and the default key must instead come from a per-device random value programmed at the factory rather than from anything the router broadcasts.
It should be noted that none of these changes are major, but I believe they would make the world of difference to the security, and hence safety, of Eircom’s many customers.
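To make the difference concrete, here is a small toy model, added for this article and not Eircom’s or Netopia’s code (the “vendor” SSID prefix, the eight-digit serial format, the XOR constant and the key-derivation steps are all assumptions chosen for illustration). It contrasts an obscured-but-invertible SSID with the hashed SSID proposed above, and it also demonstrates the caveat: a hash of an eight-digit serial number can be inverted by plain enumeration, which is why a per-device random key is the safer default.

```python
"""Toy model of SSID generation: obscured (invertible) versus one-way hashed.

Constructed example for this article, NOT Eircom's or Netopia's code. The
vendor prefix, serial-number format, XOR constant and key-derivation steps
are assumptions chosen purely for illustration.
"""
import hashlib
import hmac
import secrets
import string
from typing import Optional

VENDOR_PREFIX = "vendor"   # hypothetical SSID prefix
SERIAL_DIGITS = 8          # assumed serial-number length (decimal digits)
XOR_MASK = 0x5A5A5A        # arbitrary constant for the toy "obscured" SSID


def weak_ssid(serial: str) -> str:
    """Toy 'obscured' SSID: the serial XORed with a fixed constant.

    Anyone who learns the constant (by pulling it out of an install CD, say)
    can apply the XOR again and get the serial back. This is obscurity, not
    a one-way function.
    """
    return f"{VENDOR_PREFIX}{int(serial) ^ XOR_MASK:0{SERIAL_DIGITS}d}"


def recover_serial_from_weak_ssid(ssid: str) -> str:
    """Invert weak_ssid(): the attacker's half of the 'alleged problem'."""
    obscured = int(ssid[len(VENDOR_PREFIX):])
    return f"{obscured ^ XOR_MASK:0{SERIAL_DIGITS}d}"


def default_key_from_serial(serial: str) -> str:
    """Assumed factory default pre-shared key derived from the serial number.

    HMAC-SHA256 under a (here hard-coded) vendor secret, truncated to a
    20-character hex passphrase. The derivation itself is sound; the weakness
    being modelled is that the *serial* leaks, not this step.
    """
    tag = hmac.new(b"toy-vendor-secret", serial.encode(), hashlib.sha256).digest()
    return tag.hex()[:20]


def hashed_ssid(serial: str) -> str:
    """The article's proposal: SSID = prefix + truncated one-way hash of serial."""
    digest = hashlib.sha256(serial.encode()).hexdigest()
    return VENDOR_PREFIX + digest[:8]


def brute_force_serial(ssid: str, max_serial: int) -> Optional[str]:
    """The caveat: a one-way hash over a small input space is still enumerable.

    Tries every serial from 0 to max_serial-1 and returns the one whose hashed
    SSID matches, or None. Eight decimal digits means at most 10**8 SHA-256
    calls, minutes of work on a single core, so hashing alone does not make
    a serial-derived SSID safe.
    """
    for n in range(max_serial):
        candidate = f"{n:0{SERIAL_DIGITS}d}"
        if hashed_ssid(candidate) == ssid:
            return candidate
    return None


def random_default_key(length: int = 20) -> str:
    """What actually severs the SSID-to-key link: a per-device random key that
    is derived from nothing the router broadcasts (serial, MAC or SSID)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def demo() -> None:
    serial = "00012345"                      # constructed serial number
    ssid = weak_ssid(serial)
    recovered = recover_serial_from_weak_ssid(ssid)
    print(f"obscured SSID {ssid!r} -> serial {recovered!r} "
          f"-> default key {default_key_from_serial(recovered)!r}")

    h = hashed_ssid(serial)
    found = brute_force_serial(h, 100_000)   # small search space for the demo
    print(f"hashed SSID {h!r}: enumerating 10**5 serials recovers {found!r}")
    print(f"per-device random key instead: {random_default_key()!r}")


if __name__ == "__main__":
    demo()
```

Running the block shows the obscured SSID being turned straight back into a serial number and then a key, the hashed SSID falling to enumeration once the search space is small enough, and a random key that cannot be reached from either.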
What Can Current Eircom Customers Do?
That’s all well and good, but even if Eircom do the responsible thing and make these changes, that won’t help current customers. So, if you already have wireless broadband from Eircom you need to take some action to protect yourself. The following changes, together with setting a password on the router itself as described in my previous article, are all that is needed:
- You must switch from WEP encryption to WPA with a Pre-Shared Key (PSK).
- You must generate a new and very long pass-phrase for use with the WPA encryption. On no account should you use the default WEP key generated from your serial number by the Eircom install CD, even if you change your SSID: as the update above notes, the serial number can also be derived from the router’s MAC address, which cannot be hidden while WiFi is on. I would recommend getting a randomly generated passphrase from Steve Gibson’s Perfect Passwords page; use the 63-character printable-ASCII one, which is the longest passphrase WPA allows (the 64-digit hex string on that page is the raw 256-bit key rather than a passphrase; some routers accept it too, but the passphrase form is the safe choice). You could obviously never remember such a password, so my advice would be to save it in a text file and keep it on your computer or a USB thumb drive so you can easily give it to visitors you’d like to give access to your network.
I don’t have access to a Netopia router at the moment, so if an Eircom customer out there would be kind enough to take some screenshots for me and email them on, I could add them in here to help people out.
Update (30 April 2008): More detailed instructions on securing Eircom wireless routers are now available here.