X
Innovation
Home Innovation

Breaking wireless keys in a Jimi

Just had a most excellent email from a correspondent, who reports a top hack from the Emerald Isle. It seems that Irish ISP Eircom has been shipping Netopia wireless routers to its punters, and as is common and sensible these days they come with WEP enabled.
Written by Rupert Goodwins, Contributor

Just had a most excellent email from a correspondent, who reports a top hack from the Emerald Isle. It seems that Irish ISP Eircom has been shipping Netopia wireless routers to its punters, and as is common and sensible these days they come with WEP enabled.

So far, so good. The trouble is, how do you generate the key? You can't ship the same key with each router - that would rather ruin the fun - so you have to generate a unique one for each. But it's expensive and difficult to customise by hand the information you send to each punter.

Eircom decided to generate the WEP key automatically and ship the software that does this with the routers. In theory, that can be a safe thing to do, providing you use the right mathematics.

What you don't do is come up with some half-arsed scheme that creates the WEP key by mashing together the serial number of the router, which is in any case derived from the MAC or router Ethernet address, and some text - especially if you then broadcast the MAC, slightly disguised, as the router's SSID - the name by which a wireless router identifies itself on the air.

The result is that some bright spark will ponder on this for a while, then come up with a little program that instantly generates the WEP key when fed with the SSID.

I have the details here. I won't put the source code or exact algorithm up: suffice it to say it involves the lyrics from Third Stone From The Sun, by Jimi Hendrix - viz.

"with your superior cackling hen," "Your people I do not understand," "So to you I shall put an end and" "You'll never hear surf music aga" "Strange beautiful grassy green, " "With your majestic silver seas, " "Your mysterious mountains I wish"

According to a link sent by my correspondent, there are around 100k of these devices out there with a further 50k in the supply chain.

'Scuse me, while I kiss this guy...

UPDATE: Another friend points me to today's Irish Times, which has a big story on the problem. Doesn't say much more, except that there may be quarter of a million customers with the problem... "It's illegal to use someone else's wireless connection without permission", says Eircom primly, - but I bet the person who first posted the exploit was more joker than thief.

Editorial standards
Show Comments

Related

Linux Mint 10

I've tried a zillion desktop distros - it doesn't get any better than Linux Mint 22

Samsung Galaxy Z Flip 6 inner display next to Android figurine.

One of the best foldable phones I've tested is not from OnePlus or Motorola

TCL Tab 10 Nxtpaper 5G

One of the best budget Android tablets I've tested is not made by Samsung or Google