I always had concerns about Eircom’s default set up for their wireless broadband routers ever since one of my clients asked me to set one up for them. When you get a wireless router from Eircom, you are also given a disc which has a program on it to help you generate your WEP key. With the program loaded on your computer, you simply enter the serial key on the side of the router and bang, you have the WEP key - to write down and take away.
In my mind, this is a huge security risk.
Can you imagine if you had a disgruntled employee who knew about this simple hack?
Before he leaves the job that he’s just been fired from, he decides to take a quick peek into the Comms room and take down the serial key of your router. He trots off home and pops in his own copy of the Eircom CD and gets the key for your wireless network. Then he drives up outside the office later that evening and breaks into your network to cause havok. How easy was that???
For that reason, I’ve always suggested to my clients never to use the default installation for these routers.
But unfortunately for Eircom, it gets worse. What if all you needed were the 8 digits at the end of every default Eircom wireless network SSID name to generate this key and access any of the many Eircom wireless networks there are when you walk down a typical Dublin street?
Well this is now all you need. A typical eircom wireless network SSID looks something like “eircom2173 9093″. I’m sure you’ve seen one plenty of times while looking for a live wireless connection.
So now a simple webpage is all it takes to crack the network. Simply take those last eight digits, e.g. “2173 9093″ and visit a web page. A friend of mine showed me the little webpage he has created to crack the WEP code of any Eircom network, by simply having those 8 digits to hand.
There’s a good discussion going on about this situation at http://www.boards.ie/vbulletin/showthread.php?t=2055153550 and Bart voices his opinion here too, including suggestions on how to avoid being hacked here.