Eircom flawed WiFi

Some users reported to us that Eircom, Ireland's largest telecommunications supplier, is getting in trouble with its WiFi service offer.

In order to offer a WiFi broadband connection to its customers, the Irish company supplies a WiFi broadband router to users. As every ISP operator usually does, these routers have a factory default configuration that simply allows users to plug the router in and set up their laptop with the data supplied by the company.

Default settings include a pre-set SSID and WEP password. Almost every user leaves this default configuration unchanged.

Everything went well until recently, when a hacker discovered that algorithm used by Eircom to generate default WEP password is based on SSID set on the router. Basically, the hacker reversed this algorithm so that he can discover the right WEP keys simply knowing the SSID of the network.

This wouldn't be a big problem if sources and binaries of this key generator wouldn't be already online and if users were using it to change these settings to their own ones. Indeed this became a huge problem if we're talking about the largest ISP operator in a country and knowing that most users simply use settings supplied by the ISP.

According to RTE (Radio Telifís Eireann), up to 250.000 customers actually could get into security issues, anyone could breach their WiFi network if router settings are the factory default ones.

All Eircom users that use Netopia 3300 and 2247 series routers with default settings should immediately change SSID and WEP encryption key. A better idea would be to change the encryption from WEP to WPA/WPA2 too. In addition, MAC Authentication could be used in conjunction with WEP or WPA encryption.

A guide to secure your WiFi connection has been published by Netiopia at this address.