In October 2007 Electric News reported that a vulnerability had been discovered with Eircom supplied DSL modem/routers. This was based on some clever investigative work by Kevin Devine in September of that year. It allowed an attacker to deduce the password used to encrypt traffic between a PC and the Wi-Fi access point.
To be fair calling it a vulnerability is being overly generous – the method used to generate the passwords was totally flawed. I would expect more from a 16 year old script kiddie with a Corn Flakes packet code wheel.
As an academic exercise and to publicise the vulnerability we converted some Perl scripts to PHP and published them to our web site. Believe it or not, almost four years hence, there are still a load of routers that are vulnerable. You can even get an iPhone app for it!
If you suspect you are affected, then follow the link below and see if we can deduce your password. If you are affected contact us and we will be happy to help. You can also find DIY instructions on how to secure your Netopia router here.
Leave a Reply