#33
Hosted Moderator
Quote:
http://broadbandsupport.eircom.net/d...7nwg-setup.exe

#36
Registered User

Hi folks, I've just been pointed at this article now. I must say I'm glad to see people have taken note of my blog post. My aim was to bring it to people's attention, so that seems to have worked in a limited way at least.

I have one wee update from today. I got a call from Eircom telling me they are working on a response and that it will be in the post to me soon, probably tomorrow. I will of course let you all know how that goes.

I just want to add a few other small points:

1) WEP is fundamentally broken. It was a little bit broken when the episodes from Security Now that were linked earlier were released, it is now even more broken. We're talking between 1 and 2 minutes. The new technique uses a replay attack with ARP packets to pump the traffic and quickly pick up the required number of packets to do the crack. So - bottom line - DON'T USE WEP. Eircom need to make it clear to their customers that WEP is only pretend security, it is not real security.

2) MAC locking achieves NOTHING. It can be trivially by-passed as has already been explained in the thread.

3) Turning off SSID broadcasting is also not an effective protection. The SSID is still in all the transmitted packets. An attacker can still get it, so again turning off SSID broadcasting is only pretend security, not actual security.

4) Yes, WPA can be broken and WPA2 is a lot better. HOWEVER, WPA is DRAMATICALLY better than WEP. From what I could see the Netopia routers don't support WPA2 but they do support WPA.

At the VERY least Eircom need to advise their customers to use WPA if at all possible and explain to their customers that WEP provides almost no actual security. They also need to tell their customers to either change their SSID or their encryption key. Even if people do move to WPA they are still no better off if they continue to use the Eircom generated key!

Oh ... finally ... I would request people not post the code. I have one version and I know of at least two other methods of executing this attack. So, it is clear that there are a lot of people who know this already. Let's not make things worse just yet. If Eircom do not respond in an appropriate way then perhaps it would be understandable to publish code. Personally I will not do it, but I could understand others doing it.

Finally, if Eircom do not respond appropriately I plan to take this issue to the media. Should that happen I'd really appreciate some help and advice, as a sys-admin I'm not really practised at dealing with any media other than tapes and DVDs and stuff.

Anyhow, thanks for spreading the word and please pass this link on to any Eircom customers you know.

Bart.

#39
Registered User

Sponge bob, please think before you do something you will regret. I thought long and hard about releasing my code, but came to the conclusion that it wouldn't benefit anyone. Think about it..

The damage, misery and financial cost of what you are about to do is unreal. Anyone with proper ethics would realise this and see past the 5 minutes of "I'm the guy who screwed Eircom over" fame crap. Grow up and get a conscience because if you let this bomb off, you will be responsible for all of the above. Sure it's Eircom's fault for having the flaw in the first place, but this countdown stuff is childish and with such a large company it would take time for them to respond. Just throwing the code into the wild won't fix anything. If you truly want to help, continue your discussion with them and see if you can work together to find a solution.

#40
Don't Stop Believin'

Quote:

As you have already mentioned in previous posts, the WEP security that nearly all Eircom routers can be easily discovered in 2 mins with well known and available tools. Releasing the code that Sponge Bob has is just going to make it a little easier to leech into somebody's router. Little or nobody has ever been charged for going over the DL limits with Eircom or resellers of Eircom DSL lines. If businesses are using WEP security knowingly then that's pretty stupid. Eircom are going to stay quiet and pretend / hope this never happened and that people like you will be too scared to release it. I say fair play to Sponge Bob for having the balls to go through with this. It's like MS Windows security patches, they're never fixed proactively, only retroactively when the flaw is out in the open and has to be patched.

#41
Banned

i agree with lonewolf on this one.

the argument from those who want to know the details and say something like "please tell me, WEP is so easily broken anyway" is bogus - because owners of the routers might not actually be using wireless access provided by it in the first place. but lamers don't need to worry about that anyway.. since if they want the key, it's no problem, Sponge Bob will help them by publishing the minor details of it & some code before giving eircom a chance to tell everyone through the proper channels. from what i understand, Sponge Bob has issues with eircom. And now that he's got something to upset them, he's gonna use it, regardless of the problems that will cause for the customers he pretends to care about. if he really was concerned about the customers, as lonewolf has already said, he'd just work out some kind of solution and allow eircom to respond.

Quote:

#42
Registered User

This is like a very badly written version of War Games. Most people, tbh, would not know or do not care what a WEP code is. By other people taking advantage of their wireless network, they will think they have a virus, d'internet is broke, etc....

Releasing this will not bring the world to a stop, nor will it result in every house being hacked. At 12:01 today I'm hoping to have a program written that will allow me to farm multiple wireless routers (my neighbours actually) and give me a virtual upload and download speed of 10GB by 17:00 today. I will then switch off the internet at 18:00, unless muck decides to stop this folly. You have been warned! 10 and 1/2 hours to doomsday!!

#44
Registered User

I'm going to chime in again against releasing the code.

Yes, those with some good techie skillz can crack WEP trivially. But that's a pretty nerdy thing to do. Running a program is a pretty trivial thing to do. Run this, type the SSID, get the key. Just about anyone can manage that! So, although WEP provides no significant barrier to someone who knows what they are doing, it does deter casual would-be-leechers much more than a simple program would.

Bart.

#45
Registered User

Quote:

Eircom done the bad thing by using WEP in the first place, they _should_ have changed to WPA over due time but they didn't.

Spongebob: Threatening to release damaging code in one week to an ISP that has shipped over "100k" of these modems is nothing more than a weak stab at obtaining fame. They cannot fix anything in that amount of time.