Excellent!!! Mwahahahaha!!
Hexing MAC address reveals Wifi passwords
The default WPA2-PSK passphrase used in some Belkin routers simply replaces a character of the device’s MAC address with another hexadecimal character, according to security blogger Jakob Lell. Lell describes the situation as follows: Each of the eight characters of the default passphrase are created by substituting a …
-
-
Friday 23rd November 2012 03:41 GMT Old Handle
Re: Some models even advertise their MAC address on the case of the device!
Yeah... I thought that was a bit of a silly complaint. Some routers also allow you to attach a wired network device with no authentication! Protecting a system from someone with physical access is damn hard. I think they did the sensible thing by not trying.
The part where the password can be derived from the MAC address on the other hand... not so smart.
-
-
Friday 23rd November 2012 07:54 GMT TeeCee
Re: Some models even advertise their MAC address on the case of the device!
My thoughts entirely.
Dunno why that was in the article as it's irrelevant. The important bit is that you can get the MAC from the device remotely so whether it's printed on the side or not makes no odds, you don't need physical access to get into it if the key can be deduced from the MAC.
-
-
Friday 23rd November 2012 09:08 GMT Anonymous Coward
Re: Some models even advertise their MAC address on the case of the device!
Every piece of equipment, with a network interface, I have ever seen has a label on it with the mac address.
The reason for this is simple. It is so when you attach it to your network you can add the MAC address to any permission tables and/or DHCP servers needed to give the equipment access to your network.
-
Friday 23rd November 2012 10:26 GMT Anonymous Coward
Re: Some models even advertise their MAC address on the case of the device!
Every piece of networking equipment has a MAC address; this is a public bit of info (meaning this is broadcast if you are in range/plugged into that network).
This is because network cards communicate to each other with their MAC addresses on a switched network. Not by their IP. OSI model..
The wireless MAC is broadcast with the SSID; this is how your wireless device CAN (but usually doesn't) see the difference between two APs with the same SSID.
-
-
-
Friday 23rd November 2012 06:01 GMT zemerick
Well, at least the source article doesn't try to say you have to convert a mac address into hex.
On the down side, it also brings up the fact that these passwords are also ridiculously easy to crack since they too remain in HEX.
I can think of dozens of simple methods using even just the mac address that could result in very complex passwords involving any key on the keyboard.
Instead, they have a total of just over 4 billion possible passwords (8.5 billion on some models)... making a brute force easy. A standard PC is looking at less than a single day in the worst case.
-
Friday 23rd November 2012 09:26 GMT Anonymous Coward
> I can think of dozens of simple methods using even just the mac address that could result in very complex passwords involving any key on the keyboard.
Any method you came up with that was based upon the MAC address would be susceptible. Once the algorithm was known it would expose all passwords created with that method. For example, if your method involved an md5 hash of the MAC address with a key on the keyboard (although Belkins don't have keyboards) this would only result in 102 possibilities.
> Instead, they have a total of just over 4 billion possible passwords (8.5 billion on some models).
Where do you get the 4 billion from? 4 billion is 32 bits but a MAC address is 48 bits so it can't be the MAC address space. The first 24 bits of a MAC address are used to identify the manufacturer which means the search space would be 16.7 million for each address block assigned to Belkin.
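Added example, not part of the thread or of Lell's write-up: a fleet audit for the weakness discussed above, where every character of a default passphrase is a fixed function of one MAC digit. The substitution table, MAC addresses and passphrases are constructed for illustration, and the function names are hypothetical.

```python
import secrets
import string

# Constructed toy substitution table; NOT any vendor's real table.
TOY_TABLE = str.maketrans("0123456789ABCDEF", "FEDCBA9876543210")

def digits(mac):
    """Normalise a MAC address to 12 upper-case hex digits."""
    return mac.replace(":", "").replace("-", "").upper()

def toy_default_psk(mac):
    """Weak scheme for the demo: substitute each of the last 8 MAC digits."""
    return digits(mac)[-8:].translate(TOY_TABLE)

def random_default_psk(length=12):
    """Per-device secret drawn from the OS CSPRNG, unrelated to the MAC."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def mac_positions_explaining(samples):
    """samples: [(mac, psk), ...] with equal-length PSKs.
    For each PSK position, list the MAC digit positions whose value always
    determines that character. Returns None as soon as one PSK position is
    explained by no MAC digit, i.e. the defaults are not a per-character
    function of the MAC."""
    pairs = [(digits(mac), psk) for mac, psk in samples]
    explained = {}
    for i in range(len(pairs[0][1])):
        candidates = []
        for j in range(12):
            seen = {}  # MAC digit -> PSK character observed with it
            if all(seen.setdefault(m[j], p[i]) == p[i] for m, p in pairs):
                candidates.append(j)
        if not candidates:
            return None
        explained[i] = candidates
    return explained

# Constructed fleet: locally administered MACs, three of them nearly identical.
MACS = ["02:AB:CD:10:20:01", "02:AB:CD:10:20:02",
        "02:AB:CD:10:21:01", "02:AB:CD:7F:3E:94"]
WEAK_FLEET = [(m, toy_default_psk(m)) for m in MACS]
RANDOM_FLEET = list(zip(MACS, ["k7Qm2xVd", "Zr4pT9ha", "b3WnY6uc", "H8sJe5Lg"]))

if __name__ == "__main__":
    print("MAC-derived flagged:", mac_positions_explaining(WEAK_FLEET) is not None)
    print("random flagged:", mac_positions_explaining(RANDOM_FLEET) is not None)
    print("example random default:", random_default_psk())
```

A fleet that shares one fixed default passphrase is also flagged, since a constant is trivially a function of the MAC.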
-
-
Friday 23rd November 2012 06:19 GMT tony trolle
Verizon routers same
The Westell DSL router 704wgb was the same: just change the last char for password.
15 tries max. lol.
And why not change the password.
Verizon loved to reset the box so you gave up changing it and the SSID
Twice in one day was the worst.
Twice in one week normal.
I have two in the junk box
-
-
This post has been deleted by its author
-
Friday 23rd November 2012 08:37 GMT ElReg!comments!Pierre
Re: Verizon routers same
"Which MAC? Wireless or Fixed? If it is wireless then this is a serious security flaw. If it is the fixed Ethernet MAC on the home side its impact is nearly zero."
That can't be faulted. We usually call this kind of user/machine systems the "gorm-free zone" ("the zone" for short), for obvious reasons. IT professionals of that grade are in constant demand. I wish I could make it to "the zone". I would get a higher salary, to start with.
-
Saturday 24th November 2012 04:20 GMT tony trolle
Re: Verizon routers same
Just looked in junk box. These are Actiontecs with the default WEP key made from the last 10 characters from the WAN MAC and seem to remember WEP sends the WAN MAC in the packet headers. Must be another Verizon router that changes the last character.......
BTW a lot of RoadRunner modems (that's Time Warner) are open as default.
-
Saturday 24th November 2012 19:08 GMT pixl97
Re: Verizon routers same
> Wireless or Fixed? If it is wireless then this is a serious security flaw. If it is the fixed Ethernet MAC on the home side its impact is nearly zero.
A significant number of devices have only a single digit difference between wireless and ethernet interface. The AP I use (not a belkin), uses the same MAC for the wireless and ethernet interfaces. Only secondary (VLAN) wireless IDs have a totally different MAC assigned.
-
-
-
This post has been deleted by its author
-
-
-
Saturday 24th November 2012 19:11 GMT pixl97
Re: I suppose you would rather use NetGear
I would rather use D-Link or NetGear than the total POS Belkin is. They are professionals at making gear that sucks. I have a DWL3200 AP that's served me well for years. Only real issue I've had with them is if they get too hot they lose their NVRAM settings.
-
-
-
Friday 23rd November 2012 08:59 GMT Anonymous Coward
Uh, what default password?
Admittedly, I've never worked with a Belkin router, but with every kind of WiFi device I've worked with, you have to specify the WPA2-PSK password when you tell the device to, well, use WPA2-PSK encryption. And, of course, it has to be the same both for the router and for the device you attach to it. So, it doesn't make sense to have some kind of default password that is a weird string of characters on the router - you have to know what the password is, in order to specify it for the device you're going to connect to it, so why not just specify it for the router, too?
A much bigger problem is that many routers default to the insecure WEP encryption, or that they have a default password (specific for the model; I mean, it is the same for all devices of that model) for their settings - which most people never bother changing.
-
Friday 23rd November 2012 11:15 GMT Anonymous Coward
Your password is probably already in google's "cloud" in any case...
...if you use a google Nexus tablet and perhaps other Android devices, your (cleartext) WiFi password is uploaded and stored on google's servers - for your convenience, naturally - along with (presumably) other information such as the manufacturer (from MAC address), geographic location (from GPS) and so on. Quite a handy database, especially for hackers...
-
Friday 23rd November 2012 12:49 GMT Ben Tasker
Re: Your password is probably already in google's "cloud" in any case...
Link? Had a quick search but can't seem to find reference to that anywhere.
Sure, the connection password is stored in plaintext on the phone/tablet (how do you plan to authenticate with a hash?) but I can't find any reference to it being sent to Google.
Would make interesting reading if true, but I get the sense it's hyperbole
-
Friday 23rd November 2012 13:33 GMT Anonymous Coward
Re: Your password is probably already in google's "cloud" in any case...
This happens if you link your google account to the device. They are not hiding anything - it's mentioned somewhere in the small print of the options you are asked to approve during setup.
There are many links online - search for "google account wifi password" or similar, for example:
http://androidforums.com/android-applications/382763-wow-google-stores-your-saved-wi-fi-passwords-cloud.html
-
-
-
Friday 23rd November 2012 15:03 GMT Anonymous Coward
Who's complaining?
Basing a password on anything obvious-when-you-know-about-it is silly, but at least this is several obscurity steps beyond using the manufacturer's name. And how about "admin .. password" for the admin web login?
The real security scandal is not changing default passwords, whatever they are. There is no-one to blame but ourselves.