
Eircom Netopia Routers Are Wide Open


Comments

  • Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 28,455 Mod ✭✭✭✭Cabaal


    Hobart wrote:
    Headline item on 10:00am this morn on the Rte Radio 1 news. They also wheeled out some security expert on the PK show to dampen down the hysteria.


    It's made the RTE website too http://www.rte.ie/news/2007/1002/eircom.html
    Eircom says it will be getting in touch with up to 250,000 of its customers following concerns about security on its wireless modems.

    The security flaw means that hackers could access wireless connections without the knowledge of the account holder.

    The issue affects the Netopia 3300 and 2247 series routers.

    Wireless broadband systems have always been vulnerable to abuse because other people besides the subscriber can use the Internet connection.

    An Eircom spokesman said it would take someone with technical expertise to be able to 'piggy back' on someone else's broadband.

    However he said that if it were to happen the account holder could be held responsible for the websites visited by a hacker.

    He advised customers to change the four-digit security personal identification number provided with their wireless modems in order to provide a basic level of security.

    But he pointed out that no wireless system offered complete protection from abuse.

    Instructions on how to improve security are available on Eircom's broadband website.



    I'm a bit taken aback by Eircom's response on this
    An Eircom spokesman said it would take someone with technical expertise to be able to 'piggy back' on someone else's broadband.

    However he said that if it were to happen the account holder could be held responsible for the websites visited by a hacker.

    This is technically not true, it's Eircom's security flaw and imho they could have been quicker to act on this. I can't see Eircom's defense being bulletproof in a court of law :)


  • Closed Accounts Posts: 669 ✭✭✭pid()


    Eircom are saying that changing the SSID is a fix for this issue. Christ above.... it's the MAC address like.


  • Closed Accounts Posts: 113 ✭✭bartificer


    Bart, did you read the code I wrote for exploiting this problem?

    You say - as does lonewolf, and many others now I see on blogs - that changing the SSID helps defeat the exploit, which is incorrect.

    The program I was given takes an SSID as input so it is defeated by changing the SSID.
    I acknowledge you recommending to switch over to WPA, but changing the SSID does nothing to improve the security of the router.

    I admit it is probably less of a target... but not entirely, those with the knowledge will still try connecting to it anyway.

    The serial number is in the MAC, and it's a waste of time converting the SSID to serial number. You don't need the SSID, everything is in the MAC!!

    Ah ... right ... that's different! I'll update my posts so.

    Cheers for pointing that out.

    Bart.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    It's been VERY well known since April 2007 that WEP is 'as much use as a chocolate teapot'.

    Arguably, in product liability terms, it has been MUCH too dangerous to the end user to provide any device with WEP enabled and with Wireless switched on since then... or even arguably since 2005. Each advance in the technology reduces the time it takes to defeat the WEP security.

    WEP has been very crackable for years but the ease and speed of the crack has undergone a very considerable upramp since April 2007.


  • Registered Users Posts: 8,811 ✭✭✭BaconZombie


    It's on The Irish Times front page as well...

    http://www.ireland.com/newspaper/frontpage/2007/1002/1191223002351.html


  • Registered Users Posts: 8,811 ✭✭✭BaconZombie




  • Registered Users Posts: 305 ✭✭rash


    Eircom have a security alert up on their website now


  • Closed Accounts Posts: 113 ✭✭bartificer


    pid() wrote:
    Eircom are saying that changing the SSID is a fix for this issue. Christ above.... it's the MAC address like.

    Where are they saying that? I just checked their site and they tell people to do one of two things (at least on the page I found):

    1) Change your WEP key
    2) Switch to WPA and change to a long key

    So, unless I'm missing something Eircom are giving the right advice.

    Bart.


  • Closed Accounts Posts: 113 ✭✭bartificer


    bartificer wrote:
    Ah ... right ... that's different! I'll update my posts so.

    I've clarified my posts. None of them actually told people to ONLY change their SSID but a bit more clarity is no harm.

    Bart.


  • Closed Accounts Posts: 669 ✭✭✭pid()


    bartificer wrote:
    Where are they saying that? I just checked their site and they tell people to do one of two things (at least on the page I found):

    1) Change your WEP key
    2) Switch to WPA and change to a long key

    So, unless I'm missing something Eircom are giving the right advice.

    Bart.

    It was in the article on RTE's site. They have updated it now.


  • Closed Accounts Posts: 113 ✭✭bartificer


    Sponge Bob wrote:
    It's been VERY well known since April 2007 that WEP is 'as much use as a chocolate teapot'.

    Arguably, in product liability terms, it has been MUCH too dangerous to the end user to provide any device with WEP enabled and with Wireless switched on since then... or even arguably since 2005. Each advance in the technology reduces the time it takes to defeat the WEP security.

    WEP has been very crackable for years but the ease and speed of the crack has undergone a very considerable upramp since April 2007.

    LMAO, love the analogy!

    Yea, the new ARP traffic pumping trick released in April really was the final nail in WEP's coffin.


  • Registered Users Posts: 1,062 ✭✭✭Voipjunkie


    It doesn't matter because unless Eircom actually come out and do it for people there will be thousands of these floating around for the next couple of years.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    The 'pump' is Linux only, Bart. The Windows one does not 'pump'.

    The difference, however, is 4 mins to crack in Windows and 1-2 mins to crack in Linux.


  • Closed Accounts Posts: 113 ✭✭bartificer


    Voipjunkie wrote:
    It doesn't matter because unless Eircom actually come out and do it for people there will be thousands of these floating around for the next couple of years.

    Well, Eircom have undertaken to directly contact all their affected customers with the information. After that it really is up to the customers to choose to care. You can't really hold Eircom responsible for that!

    Bart.


  • Closed Accounts Posts: 113 ✭✭bartificer


    Sponge Bob wrote:
    The 'pump' is Linux only, Bart. The Windows one does not 'pump'.

    The difference, however, is 4 mins to crack in Windows and 1-2 mins to crack in Linux.

    Well, yea, just Moore's law is enough to keep making WEP more and more broken :)

    I just love the simplicity and the effectiveness of the ARP pumping. You can't help but admire the beauty of it.

    Bart.


  • Registered Users Posts: 8,811 ✭✭✭BaconZombie


    rash wrote:
    Eircom have a security alert up on their website now


    Support Website is Offline....
    msxml3.dll error '80072ee2'

    The operation timed out

    /Default.asp, line 8


  • Closed Accounts Posts: 1,571 ✭✭✭Mailman


    I went back to my USB modem provided by my ISP a few months ago as I figured the Eircom router was more trouble than it was worth and was constantly susceptible to trespass and consuming electricity with the massive heat coming off both the router and its power supply.
    I work from my PC in preference to my Laptop anyhow.

    The only thing that prevented people from hacking in was the atrocious range on the device.


  • Registered Users Posts: 1,062 ✭✭✭Voipjunkie


    bartificer wrote:
    Well, Eircom have undertaken to directly contact all their affected customers with the information. After that it really is up to the customers to choose to care. You can't really hold Eircom responsible for that!

    Bart.

    They should never have used WEP in those routers; it was broken before they started pushing them.
    The point is that WEP, WPA, SSID, TKIP etc. is Chinese to most people (except Chinese people)


  • Subscribers Posts: 16,555 ✭✭✭✭copacetic


    This was a lead item on today's television news at 1, available online.


  • Closed Accounts Posts: 829 ✭✭✭standbyme


    Jeez, the first I heard of it was on Ray D'Arcy's show,
    but I didn't really catch the whole lot of the news item as they didn't have their news jingle as it went straight from Ray to the news &
    considering they had Mario Rosenstock on before the news,
    I didn't take much notice & decided to listen to my local station instead for news on this serious item.

    I tried to log onto Eircom's site for advice but should have realised the site is 'under maintenance', understatement of the year,
    found this link as well saying
    The problem was first revealed on a post to the popular Boards.ie discussion website over the weekend.
    & this bit hilarious mentioning
    The text used includes eight snippets of lyrics from guitar legend Jimi Hendrix.


    Sorry if that was a bit long but when a radio show gives a small description without a follow up, panicked me as I have a wireless modem/router & couldn't log onto broadbandsupport... offline or busy, I just went onto Eircom website & got the link for wireless working

    I had the wireless working for my brother's laptop as he doesn't have broadband, but I'm now checking the website, but some of it does look technical esp. reconfigure your wireless connection!


  • Registered Users Posts: 4,093 ✭✭✭TelePaul


    standbyme wrote:
    Jeez, the first I heard of it was on Ray D'Arcy's show,
    but I didn't really catch the whole lot of the news item as they didn't have their news jingle as it went straight from Ray to the news &
    considering they had Mario Rosenstock on before the news,
    I didn't take much notice & decided to listen to my local station instead for news on this serious item.

    I tried to log onto Eircom's site for advice but should have realised the site is 'under maintenance', understatement of the year,
    found this link as well saying & this bit hilarious mentioning

    Sorry if that was a bit long but when a radio show gives a small description without a follow up, panicked me as I have a wireless modem/router & couldn't log onto broadbandsupport... offline or busy, I just went onto Eircom website & got the link for wireless working

    I had the wireless working for my brother's laptop as he doesn't have broadband, but I'm now checking the website, but some of it does look technical esp. reconfigure your wireless connection!


    I know whatcha mean. Not very computer literate at all here! The guys here really know their stuff, so lads maybe I can ask... what's my best bet, WPA? I found a link on the Eircom site about how to set that up.


  • Registered Users Posts: 1,048 ✭✭✭BobTheBeat


    WPA with MAC address filtering is probably the most secure for your purpose.


  • Closed Accounts Posts: 113 ✭✭bartificer


    TelePaul wrote:
    I know whatcha mean. Not very computer literate at all here! The guys here really know their stuff, so lads maybe I can ask... what's my best bet, WPA? I found a link on the Eircom site about how to set that up.

    Yes, WPA is better than WEP but only if you use a strong password, i.e. a LONG one. I like to use the generator at GRC: https://www.grc.com/passwords.htm

    I save the key in a text file on a pen-drive and just copy and paste it as needed.

    Bart.


  • Registered Users Posts: 4,093 ✭✭✭TelePaul


    bobmeaney wrote:
    WPA with MAC address filtering is probably the most secure for your purpose.

    I have to apologise, 99% of this thread has gone over my head... all I really got from it is that Netopia routers are easy to hack. I can change to WPA but I'm not sure what you mean about MAC address...


  • Registered Users Posts: 1,048 ✭✭✭BobTheBeat


    Sorry TelePaul, it's basically a table that contains entries for MAC addresses. A MAC address is the actual physical hardware address of your wireless card. When you set up MAC address filtering you basically input all of the MAC addresses (of all of the wireless cards) that you want to allow access to your network. What model Netopia do you have?


  • Closed Accounts Posts: 113 ✭✭bartificer


    TelePaul wrote:
    I have to apologise, 99% of this thread has gone over my head... all I really got from it is that Netopia routers are easy to hack. I can change to WPA but I'm not sure what you mean about MAC address...

    I wouldn't worry about MAC address filtering. WPA takes a lot of time and effort to break (IF you have a long random password). MAC locking is very easy to get around. So, the big thing is to switch to WPA with a strong password. I don't MAC lock my network and I'm rather paranoid about security.

    Bart.


  • Closed Accounts Posts: 829 ✭✭✭standbyme


    bobmeaney wrote:
    WPA with MAC address filtering is probably the most secure for your purpose.

    Thanks, as that's not mentioned on Eircom's site as all it has is Change Privacy to WPA - PSK

    Was that mentioned here recently, that doing that isn't that secure, as I'm trying to read up on all the threads here & getting bogged up on all the info, but hopefully will get there slowly but surely :o

    PS. I've disabled the wireless for the time being, until someone wants to use it, & hopefully use the info collected here for future use.


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    As said earlier, MAC filtering no longer works. If you can use Google to put together your "crack WEP in 5mins kit" then sniffing ARP (which Windows does lots) to get an allowed MAC and spoof it is not hard.


  • Closed Accounts Posts: 829 ✭✭✭standbyme


    That's ok, as I thought you had to do that as well to enable WAP on your Netopia router, so no need to do that.

    On the link given, what privacy should the WAP be set up for when I have to use the wireless, as I don't think I'll be able to get thru CustSupt if they're busy.

    Thanks.


  • Registered Users Posts: 1,048 ✭✭✭BobTheBeat


    Well, ARP spoofing is an age-old modus operandi for intruders of course, but it's the combination of the two methods (WPA and MAC filtering) that makes it a good security solution.

    Agreed, that it is perhaps overly protective, but again horses for courses.


This discussion has been closed.