I always had concerns about Eircom’s default set up for their wireless broadband routers ever since one of my clients asked me to set one up for them. When you get a wireless router from Eircom, you are also given a disc which has a program on it to help you generate your WEP key. With the program loaded on your computer, you simply enter the serial key on the side of the router and bang, you have the WEP key - to write down and take away.
In my mind, this is a huge security risk.
Can you imagine if you had a disgruntled employee who knew about this simple hack?
Before he leaves the job that he’s just been fired from, he decides to take a quick peek into the Comms room and take down the serial key of your router. He trots off home and pops in his own copy of the Eircom CD and gets the key for your wireless network. Then he drives up outside the office later that evening and breaks into your network to cause havok. How easy was that???
For that reason, I’ve always suggested to my clients never to use the default installation for these routers.
But unfortunately for Eircom, it gets worse. What if all you needed were the 8 digits at the end of every default Eircom wireless network SSID name to generate this key and access any of the many Eircom wireless networks there are when you walk down a typical Dublin street?
Well this is now all you need. A typical eircom wireless network SSID looks something like “eircom2173 9093″. I’m sure you’ve seen one plenty of times while looking for a live wireless connection.
So now a simple webpage is all it takes to crack the network. Simply take those last eight digits, e.g. “2173 9093″ and visit a web page. A friend of mine showed me the little webpage he has created to crack the WEP code of any Eircom network, by simply having those 8 digits to hand.
There’s a good discussion going on about this situation at http://www.boards.ie/vbulletin/showthread.php?t=2055153550 and Bart voices his opinion here too, including suggestions on how to avoid being hacked here.
#1 by ross canpolat at April 15th, 2008
| Quote
my god…how thick can eircom get!
#2 by Trevor at July 11th, 2008
| Quote
this is crazy i have eircom broadband at home…..wot is that website ur on about ill have to investigate this
#3 by Jew at November 14th, 2008
| Quote
dude, you’re using WEP…… OF COURSE ITS NOT SECURE!!!!
it can be broken in minutes, like 5 minutes, and from far away, not sitting right next to your router!
#4 by ronan at January 26th, 2009
| Quote
Hi,
I have a mac and am having trouble getting it on my eircom wireless with a netopia router
i have entered my network key but it is not connecting
i have connected useing a belkin router no problem
the mac is asking for a wep password,
am i doing somthing wrong,
any suggestions?
thanks
Ronan
#5 by Tom Doyle at January 27th, 2009
| Quote
Sounds like you have the wrong key to be honest.
#6 by Jeff at November 14th, 2009
| Quote
The problem with wireless these days is that people are constantly using some form of encryption and to be honest, Eircom’s setup on the Netopia boxes are not the most secure. Basically one of the best things to do is only allow internet access via the MAC Address on your wireless network card, any other device that is not on the list does not get internet access. Also, that configure the router can only be done via a network cable connection, with a changed user name and password. The flaw with the Eircom Netopia boxes is that the page that the page Tom Doyle was referring to (http://s4dd.yore.ma/eircom/) also can give you the manufacturer’s user name and password to the box…not the Administrator’s account. This is also know as the backdoor account. Until Eircom changes their standard Netopia switches, Customer’s will suffer from people doing what’s known as “War Driving” where sad individuals can scann whilst driving and see ssids setup kindly by Eircom.
If you’re really smart with your router and understand how it works. You can changes the OS on it or download it from a 3rd party specialist. But I can’t stress enough, if you make a mess of it, it can permanently damage the Netopia box. This cannot be fixed by Eircom for free either when they inspect it.
Enjoy!!!
#7 by ft at November 15th, 2009
| Quote
Always use WPA and change the SSID.
Not hack proof but It’s at least more secure then WEP & a default SSID.
I can’t believe the amount of people in my neighborhood who have unsecured open wifi … lol