Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

UPC WPA2 cracked by android app ?

  • 04-12-2012 9:09pm
    #1
    Registered Users, Registered Users 2 Posts: 6,782 ✭✭✭


    Quick question.

    I happened to be browsing my cisco modem settings tonight and noticed 2 android devices on my connected clients list. There are no android devices in the house yet so I must assume someone else is on it. Host name starts with android in title.

    I added both Mac addresses to the access deny list but I want to know if the cisco modem EP2425 can be easily cracked just like the eircom one when it had WEP.

    I am using WPA2+TKIP/AES and have disabled WPA. I am also using homeplugs but they should be secure as I added my 2 devices to their own list (in provided software). I am wondering if this was their gateway to my settings. Password set also on my modem.


Comments

  • Registered Users, Registered Users 2 Posts: 3,772 ✭✭✭jameshayes


    you sure about no android devices? Media players? Kindle Fire?


  • Registered Users, Registered Users 2 Posts: 6,782 ✭✭✭Damien360


    jameshayes wrote: »
    you sure about no android devices? Media players? Kindle Fire?

    100% sure. I have a nexus 7 for wife as Xmas pressie. Turned it on and confimed it's Mac address and connection. Powered down fully and it disappeared off the connected devices.


  • Registered Users, Registered Users 2 Posts: 6,782 ✭✭✭Damien360


    Just found one of the MAC addresses I blocked.

    It was an Ipod touch which is iOS. When it reconnected after I unblocked it's MAC, it has no name in host for DHCP but if I connected using Static IP address on iOS then the lease does not renew and host name is STATIC IP.

    Long shot but could my MAC address of ipod be emulated to get on to network on android device ? They would still need my WPA2 password.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    Could be the wifi chip for an iPod or a genuine Android device is made by one manufacturer eg Qualcomm or Broadcom and that the UPC device assumes they are Android based on the MAC address range assigned (as they are) to the chipset manufacturer.

    In other words right wifi chip manufacturer...wrong assumption.

    Or else the hacker clones the MAC address, you would need some extra evidence that only you would know. Was the iPod on at the time or in the previous 24 hours


  • Registered Users, Registered Users 2 Posts: 6,782 ✭✭✭Damien360


    Sponge Bob wrote: »
    Could be the wifi chip for an iPod or a genuine Android device is made by one manufacturer eg Qualcomm or Broadcom and that the UPC device assumes they are Android based on the MAC address range assigned (as they are) to the chipset manufacturer.

    In other words right wifi chip manufacturer...wrong assumption.

    Or else the hacker clones the MAC address, you would need some extra evidence that only you would know. Was the iPod on at the time or in the previous 24 hours

    Yes the ipod had been on in previous 24 hours but I was looking at the connected devices screen on UPC router which tells me currently connected wifi devices.

    When I reconnected ipod it does not have a host name but does have mac address and IP address so pretty sure it was not the ipod which was connected.

    Even if my MAC address was cloned that would still leave them requiring my WPA2 password.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 7,034 ✭✭✭zg3409


    If your WPA2 password is 8 characters or less then increase the number of characters and add some random symbols.

    Generally WPA2 is very, very heard to break is you have a random password more than 8 characters.

    As other have said it may actually be a valid device you own. Reboot the router, sometimes they can show devices as connected that have not been used for ages.

    As if the device has a password option for the administrator page then change that too.

    The only practicaly way I think someone could be using your connection was if the password was one of the top 10,000 or 100,000 passwords and they automatically guessed it using automated software.


  • Registered Users, Registered Users 2 Posts: 2,217 ✭✭✭MBSnr


    My router lists all connected devices and I was puzzled by a connection which turned out to be the Ethernet connection to the Sky box...!

    Are you sure that it's only showing the Wi-Fi ones in connected devices. Could it be the Homeplug Ethernet connection?


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    An TV's connected?


  • Registered Users, Registered Users 2 Posts: 10,580 ✭✭✭✭Riesen_Meal


    Could you have had any friends or relatives connect maybe their mobiles via the wifi?

    As far as I remember that router keeps logs forever, one in my mothers house, has logs from ages ago on there....

    The only wifi cracking app on android is only WEP capable, I could be wrong though, I havent done much reading up in that department in a while... :P


  • Registered Users, Registered Users 2 Posts: 3,739 ✭✭✭Stuxnet


    You'd be safer enabling MAC filtering on your router, and add your own devices to the whitelist,

    also for an added layer of protection from n00bie hackers, disable broadcast of your SSID, and change its default name, this will hide your SSID, but obviously its still there, only devices that know the name of it and are on your mac address white list will be able connect


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 13,016 ✭✭✭✭vibe666


    zg3409 wrote: »
    Generally WPA2 is very, very heard to break is you have a random password more than 8 characters.
    you'd be surprised how easy it can be for someone who is determined enough to break into it, even with 8 characters. a good long passphrase with upper and lowercase letters, number & symbols is the key, along with making some other simple changes to your config to make it more difficult.

    the trick is the same with any area of home security. you just make yourself a much more difficult target and they'll go elsewhere.

    also, just because it's an android device connecting, doesn't mean it was cracked with that device.

    there's a good article on exactly how people are likely to crack your wifi password and the best ways to secure your network here: http://www.smallnetbuilder.com/wireless/wireless-howto/31914-how-to-crack-wpa-wpa2-2012


  • Registered Users, Registered Users 2 Posts: 507 ✭✭✭mark17j


    Hi OP, I have the 2425 also, and noticed a device connected to mine about a month ago, I just use 1 pc on the wifi, I do not use phones or any other devices on it. I clicked on "Access control" in modem settings and this connected device had a blank host name with a client id. I was using the default UPC password at the time with WPA PSK security/ AES Encryption. I changed the password to something very long and it has kept them out since.


  • Registered Users, Registered Users 2 Posts: 6,782 ✭✭✭Damien360


    zg3409 wrote: »
    If your WPA2 password is 8 characters or less then increase the number of characters and add some random symbols.

    Generally WPA2 is very, very heard to break is you have a random password more than 8 characters.

    As if the device has a password option for the administrator page then change that too.

    It is a UPC device and when UPC sends a re-boot for new firmware to it, it reverts back to default password which is a pain in the ass. Device password for admin changed from none to 10 letter and number combo many moons ago
    MBSnr wrote: »
    My router lists all connected devices and I was puzzled by a connection which turned out to be the Ethernet connection to the Sky box...!

    Are you sure that it's only showing the Wi-Fi ones in connected devices. Could it be the Homeplug Ethernet connection?

    I was looking in the wifi connections only.
    BostonB wrote: »
    An TV's connected?

    Samsung TV but not Wifi and disconnected from ethernet a year ago
    mark17j wrote: »
    Hi OP, I have the 2425 also, and noticed a device connected to mine about a month ago, I just use 1 pc on the wifi, I do not use phones or any other devices on it. I clicked on "Access control" in modem settings and this connected device had a blank host name with a client id. I was using the default UPC password at the time with WPA PSK security/ AES Encryption. I changed the password to something very long and it has kept them out since.

    The apple devices have a blank host name. I changed my UPC router settings to WPA2 only, but password is still same. SSID is broadcast for ease of use. Some devices struggle to find it when not broadcasting (my blackberry phone). Might ask UPC to change the password and send it to firmware so it remains changed.

    Next door neighbour is an IT graduate from DIT Kevin St., so I have my prime suspect but it would not be neighbourly to accuse him.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    As UPC send out firmware about once a year they therefore leave their customers networks exposed once a year. :(


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    Sponge Bob wrote: »
    As UPC send out firmware about once a year they therefore leave their customers networks exposed once a year. :(

    If you turn off Wifi on the UPC box and connect a better 3rd party wifi router. I assume that avoids that problem.


  • Registered Users, Registered Users 2 Posts: 6,782 ✭✭✭Damien360


    BostonB wrote: »
    If you turn off Wifi on the UPC box and connect a better 3rd party wifi router. I assume that avoids that problem.

    That sounds like a plan. But I have phone line from UPC also. Any issues with router after modem with UPC phoneline ?

    What about this from netgear

    http://www.netgear.com/home/products/wirelessrouters/simplesharing/WNR1000.aspx#two

    It's available from Elara with ok price

    http://www.elara.ie/productdetail.aspx?productcode=MME0711942


  • Registered Users, Registered Users 2 Posts: 7,034 ✭✭✭zg3409


    Personally I have disabled wireless years ago and I use a seperate unit. The BEST UNIT IN THE WORLD to use is one that uses open source software.

    I would recommend searching ebay for "LINKSYS CISCO E3000 DUAL BAND GIGABIT WIFI N ROUTER REPEATER DD-WRT MEGA"

    For less than 100 Euro you can get a world class unit with brilliant software and features. The UPC phone line will still work fine.

    I have used this and similar units and nothing compares to them.


  • Registered Users, Registered Users 2 Posts: 6,782 ✭✭✭Damien360


    zg3409 wrote: »
    Personally I have disabled wireless years ago and I use a seperate unit. The BEST UNIT IN THE WORLD to use is one that uses open source software.

    I would recommend searching ebay for "LINKSYS CISCO E3000 DUAL BAND GIGABIT WIFI N ROUTER REPEATER DD-WRT MEGA"

    For less than 100 Euro you can get a world class unit with brilliant software and features. The UPC phone line will still work fine.

    I have used this and similar units and nothing compares to them.

    All these are US based. Not a big deal but I do not want to deal with customs. I am sure items of this value would stand out


  • Registered Users, Registered Users 2 Posts: 10,407 ✭✭✭✭justsomebloke


    OP would it not be an idea just to change your password and then reconnect each device one at a time and take note of what they come up as on your router


  • Registered Users, Registered Users 2 Posts: 6,782 ✭✭✭Damien360


    OP would it not be an idea just to change your password and then reconnect each device one at a time and take note of what they come up as on your router

    The issue with that.... when the router re-boots for any reason whatsoever, it reverts to old password and I have to re-connect using laptop, change setting and re-change password.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 13,016 ✭✭✭✭vibe666


    Damien360 wrote: »
    All these are US based. Not a big deal but I do not want to deal with customs. I am sure items of this value would stand out
    i'll second the vote for the Linksys E3000 and 3rd perty firmware, but there's no need to go to the US for them. most Irish tech suppliers will stock them and it's very easy to re-flash with a 3rd party firmware yourself in a few minutes.

    personally i favour the tomato firmware, but there are other firmwares out there as well (openWRT springs to mind, but i'm sure there are others) besides DD-WRT which i personally don't favour after having some issues with older versions of it, not to mention the controversy over the guy who develops it. he's not a pedo or anything like that, afaik he ended up screwing some of the other devs to make money off it.

    awesome router though and has all the hardware you could want in a router (gigabit ports, dual band, dual radio 300mbps wifi, decent cpu and ram etc.), so a good 3rd party firmware can make the most of it.


  • Registered Users, Registered Users 2 Posts: 6,782 ✭✭✭Damien360


    Thanks for that vibe666

    I can only find the E2000 from elara at a good price. Spec appears to be very similar/same ?

    http://www.elara.ie/productdetail.aspx?productcode=ECE2081490

    The E3000 is only available second-hand from amazon uk. It appears to be superceded by the E2500 (dual-band) from linksys which is €95 from elara and between 69 and 95 euro from amazon depending on model

    http://www.amazon.co.uk/s/ref=nb_sb_noss?url=search-alias%3Daps&field-keywords=linksys+router+e2500


  • Registered Users, Registered Users 2 Posts: 7,034 ✭✭✭zg3409


    Hi Damien,

    The E3000 seems to be out of production now.
    I would not use another unit until you comfirm compatability with open source software. This is because it normally adds features and is generally 100% rock solid 24/7 uptime.

    There are 3 main types of software recommended
    1) DD-WRT
    2) Open-WRT
    3) Tomato USB
    You should confirm the device is compatable ideally with all 3 so you can pick and choose. DDWRT is probably easist to install, Tomato is probably best for common uses, and Open WRT more for tinkerers.

    Also you should ensure the device has all the lastest features such as:
    1) Gigabit ethernet with more than one power and a WAN and LAN port
    2) 5Ghz wireless and 2.4Ghz wireless
    3) The ability to use both bands at full speed at the exact same time
    4) Any other features you may need such as external removable aerials etc
    5) Lots of RAM and Flash etc to store the software
    6) Ideally a USB port for more storage (some allow a hard drive to work as a NAS), or a shared USB printer
    7) Tested and confirmed to be rock solid

    I will try come up with the latest recommended model. By the way you don't want an ADSL modem inbuilt for UPC


  • Registered Users, Registered Users 2 Posts: 18,984 ✭✭✭✭kippy


    Christ, this thread has meandered some what.
    OP asks question, question answered (within reason) Either these are "old devices" OR they are some other device that is legitmately on your network but has been picked up wrong and then people advise the OP to buy a new router.....
    Maybe the OP wants a new router, based on this thread though I really don't know why.


  • Registered Users, Registered Users 2 Posts: 7,034 ✭✭✭zg3409


    I had a look at cross compatability. The E3000 is still the best. Newer models don't work as well. Personally I would go for a secondhand or US E3000 with DDRWT pre-installed. Afterwards you then have the option of looking at the other firmwares.

    Often the newest model of equipment has glitches for a year or two until all the glitches are ironed out.


  • Registered Users, Registered Users 2 Posts: 7,034 ✭✭✭zg3409


    kippy wrote: »
    Maybe the OP wants a new router, based on this thread though I really don't know why.

    Quickly, It is near impossible to change the password on the UPC unit.
    Also the UPC unit (depending on model) can not operate on 5Ghz and 2.4Ghz at the same time. Thus if you have one laptop on 5Ghz and another on 2.4Ghz the radio is switching bands all the time. The model recommended could be three times faster in that situation.

    Asking the UPC Cable modem to be a wireless router is a bit of a stretch. A seperate unit is much faster, more reliable, can log statistics, work with storage and printers etc etc. It can act as a VPN to give a UK IP etc. etc.

    In this given situation I would be able to see how much that unknow device had downloaded, log what I.P.s they connected to, and do a reverse DNS lookup to see what websites were being viewed. It would have answered the question as to who the unknown device belongs.

    For serious users a cable is best, next best is a world class wireless router. I have up to 10 computers on my network, both wired and wireless.


  • Registered Users, Registered Users 2 Posts: 18,984 ✭✭✭✭kippy


    zg3409 wrote: »
    Quickly, It is near impossible to change the password on the UPC unit.
    Also the UPC unit (depending on model) can not operate on 5Ghz and 2.4Ghz at the same time. Thus if you have one laptop on 5Ghz and another on 2.4Ghz the radio is switching bands all the time. The model recommended could be three times faster in that situation.

    Asking the UPC Cable modem to be a wireless router is a bit of a stretch. A seperate unit is much faster, more reliable, can log statistics, work with storage and printers etc etc. It can act as a VPN to give a UK IP etc. etc.

    In this given situation I would be able to see how much that unknow device had downloaded, log what I.P.s they connected to, and do a reverse DNS lookup to see what websites were being viewed. It would have answered the question as to who the unknown device belongs.

    For serious users a cable is best, next best is a world class wireless router. I have up to 10 computers on my network, both wired and wireless.
    Indeed, for 99% of the population however, the supplied UPC cable modem is grand for their needs, and in the case of this user with his specific "issues" I don't see why recommending a new router is the best course of action, especially when the user would have to do some work in order to get their new router setup correctly for their environment, as opposed to the UPC one which is generally setup when it comes out of the box.....

    I know exactly what you are saying, there are better out there for a bit of an investment, but is this going to be worth it for the OP? I think not.


  • Registered Users, Registered Users 2 Posts: 6,782 ✭✭✭Damien360


    OP here:

    I am a bit better than the average user at networking etc as I do it as part of my job (not IT).

    I would like to block out the unknown user from my network from a privacy point of view. i.e. If they are downloading porn from my UPC connection, then I get the heat from it should it turn out to be very nasty. It will be considered my content.

    Changing the UPC password is not workable, as it reverts to original on re-boot, which it appears to be doing a lot of lately (twice a week for no reason). Changing my wireless access point is an option I would like to try and it opens up new possiblities.

    The custom firmware is not really necessary. A good device which is future proofed at a good price.

    UK IP is a nice option but i can do that with a windows program for the PC's. Would be nice addition to wireless devices but not essential.

    Central printer is for the future when my existing HP 940 gives up and this was discussed as essential to have wireless printing for our next printer purchase.

    NAS storage is something I want soon and i was not aware that USB storage was a usable option. I always thought it had to be a LAN port device.

    A replacement wireless router would solve the privacy issue and would open a new world of options further down the road.


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    kippy wrote: »
    Indeed, for 99% of the population however, the supplied UPC cable modem is grand for their needs, and in the case of this user with his specific "issues" I don't see why recommending a new router is the best course of action, especially when the user would have to do some work in order to get their new router setup correctly for their environment, as opposed to the UPC one which is generally setup when it comes out of the box.....

    I know exactly what you are saying, there are better out there for a bit of an investment, but is this going to be worth it for the OP? I think not.

    Define grand? A new router gives

    1) a permanent fix to the security issue. (the OP original issue?)
    2) is faster


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 18,984 ✭✭✭✭kippy


    BostonB wrote: »

    Define grand? A new router gives

    1) a permanent fix to the security issue. (the OP original issue?)
    2) is faster
    What security issue? Faster, really?


  • Registered Users, Registered Users 2 Posts: 7,034 ✭✭✭zg3409


    Damien360 wrote: »
    UK IP is a nice option but i can do that with a windows program for the PC's. Would be nice addition to wireless devices but not essential.

    This software would allow many many devices to all use the same VPN. In theory it could be set up to give an Irish IP for say RTE and a UK IP for specific websites etc.
    Central printer is for the future when my existing HP 940 gives up and this was discussed as essential to have wireless printing for our next printer purchase.

    With the right device, firmware and printer you plug a USB printer into the router and it then becomes a "wireless" network printer. It is connected by a cable though, but you could then print from any device in the house to it. No need for a new printer, depending on the model.
    NAS storage is something I want soon and i was not aware that USB storage was a usable option. I always thought it had to be a LAN port device.
    Again depending on compatbility etc the special firmware handles all the changes. However nearly ever router only has one USB port, so printer OR NAS, not both, however you could just by a NAS caddy which would do the same using ethernet.

    These are all features on very expensive routers, but with special software much cheaper routers can manage all the above. If you buy router with software pre-installed then it is just a matter of clicking on options.


  • Registered Users, Registered Users 2 Posts: 6,782 ✭✭✭Damien360


    zg3409 wrote: »
    This software would allow many many devices to all use the same VPN. In theory it could be set up to give an Irish IP for say RTE and a UK IP for specific websites etc.



    With the right device, firmware and printer you plug a USB printer into the router and it then becomes a "wireless" network printer. It is connected by a cable though, but you could then print from any device in the house to it. No need for a new printer, depending on the model.


    Again depending on compatbility etc the special firmware handles all the changes. However nearly ever router only has one USB port, so printer OR NAS, not both, however you could just by a NAS caddy which would do the same using ethernet.

    These are all features on very expensive routers, but with special software much cheaper routers can manage all the above. If you buy router with software pre-installed then it is just a matter of clicking on options.

    That just leaves which device if E3000 is out of production. Cost is an issue and I can cope with €60 to €100 max.


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    kippy wrote: »
    What security issue? Faster, really?

    Yes.


  • Registered Users, Registered Users 2 Posts: 7,034 ✭✭✭zg3409


    Damien360 wrote: »
    That just leaves which device if E3000 is out of production. Cost is an issue and I can cope with €60 to €100 max.

    New ones (refurbished) are available from US, secondhand from UK. Newer models don't seem compatable will all 3 versions of software. I have 2 units in use (and one spare) but I don't really want to part with it.

    The danger with manufacturers software is that if a serious glitch is found in a year or two they probably won't bother patch it. Also often the newest models are full with bugs which take a few years to get ironed out. The only really stable software is usually a few years old and has not been full tested or customised for the lastest models.

    In your price range if you want brand new from Ireland, you would not be able to get what you want.


  • Registered Users, Registered Users 2 Posts: 13,016 ✭✭✭✭vibe666


    also worth noting is that not all dual band routers are also dual radio like the e3000 is (such as the thompson router with UPC) so you'd be stuck with either 5ghz or 2.4ghz, not both at the same time.

    i wish i'd known they'd planning on stopping making them, i might have bought a 2nd one as a spare, it's a great piece of hardware.


  • Advertisement
Advertisement