Posts Tagged UPC

UPC Broadband WiFi Router susceptible to a simple brute force attack

Many Internet users in Ireland are well aware of the Eircom wireless┬árouter hack that showed just how easy it would be for someone to compromise the poor security design of some Wifi routers. In Eircom’s case, they were providing all their Broadband customers with routers that could be compromised and accessed by hackers, simply by using the digits of the routers default SSID. Hackers figured out that by using the digits set up by default when you turned on your Eircom wifi router, you could generate the routers password within seconds by compromising the poorly thought out security algorithm.

Now it seems, UPC broadband is the latest Irish broadband provider that could fall foul to potential hackers. It seems our ISPs, in an attempt I can only assume, to make the set up and install of their routers a simple task for their less tech savvy customers – does nothing but create holes for hackers to exploit.

Recently an Irish IT company, discovered that UPC’s broadband routers are susceptible to a brute force attack based on the algorithmn used to generate the passwords that they stick to the back of all their routers.

The hack is definitely not as easy to exploit as the one Eircom introduced, but it’s still very attainable to any serious hacker or even a hobbyist who just wants to leech their neighbours broadband connection.

Check out the article from PlanIT Computing on how UPC’s routers can be exploited and what you can do to prevent an attack on you.

http://www.planitcomputing.ie/blog/?p=325

Tags: , , , , , , , , , , , ,

No Comments

UPC eBilling Registration & Sign Up Process

NTL Communications (Ireland) Limited
Image via Wikipedia

I got a letter in the post today with my standard UPC / NTL bill suggesting that I go online and register for their new eBilling system. This would mean that I would no longer receive paper bills to my home address, but instead I would receive a text message when my new bill was available online.

All I had to do was simply go online and register my details to start using this system straight away. Since I use the Internet everyday, this solution sounded great to me.

Upon visiting the UPC website, I thought that since they had sent out these letters with their monthly bills, that it would be quite obvious when you visited there website where to register your details. Unfortunately, they hadn’t got any large graphic to entice me to register, so I had to look a little harder to find what I was looking for.

After clicking the button for the eBilling registration, it brought me to a page where it informed me that I needed to register for an an account on the UPC website, which is fair enough. When you entered the registration page – it asked you to enter your customer number and surname. The problem was that your customer number, isn’t to be entered as it appears on your bill. They do mention this fact above the form, but they could have made this a lot more intuitive by including beside the field in which the number had to be entered.

That’s not what annoyed me most anyway… I continue…..

After filling out this form, I was presented with a new form where it asked me to enter my personal information. It looked pretty straight forward so I started to fill it in. Then I came to the security question, I have never seen such a ridiculous choice of questions.

drop-down

1. I don’t have a favourite band… I like a lot of bands…
2. I don’t have a favourite book, I have many
3. Teacher?? I don’t remember liking any teacher when I was at school!
4. Food/Drink….. Still don’t have a favourite
5. TV Show??? I hardly ever watch TV unless it’s football
6. I find it hard to remember my own mobile number at this stage, god forbid trying to remember a number from my childhood!!

Ok that’s fine, if I must – I’ll just enter one of my favourite bands, sure it’s not as if I’m ever going to forget my password is it?

I started typing my selected band into the answer field and this is where we see another ridiculous example of bad usability. Yes, the form field was in fact a password field. So even if I did have an answer, God knows what I actually put in that field, because all I could see were a serious of hashed out characters.

I continue on, as I’m not too concerned about this aspect anyway. Next stop “Work Phone Number”… I thought to myself, “I don’t ever want them contacting me in work, they can shag off, they’re not getting that number”. I proceeded to fill in the rest of the form and hit the register button.

ERROR!!! “You must fill in your work number” –

Huh??? Why??? What do you need that for???
So I decided to put in NA…

ERROR!!! “You must enter a number between 7 and 11 characters long”.

I obviously resorted to putting in a dodgy number, possibly some other poor soul who will get phone-calls from UPC for God knows what.

UPC, you need to take a serious look and your registeration process!!

Tags: , , , , ,

No Comments