Default Key Algorithm In Thomson And BT Home Hub Routers

Yes, we're back with more embedded devices vulnerability research! And yes, we're also back with more security attacks against the BT Home Hub (most popular DSL router in the UK)! As you know, we encourage folks in the community to team up with us in different projects as we've had very successful experiences doing so. This time it was Kevin Devine's turn. Kevin, who is an independent senior security researcher, did an awesome job at reverse engineering the default WEP/WPA key algorithm used by some Thomson Speedtouch routers including the BT Home Hub. Kevin noticed that all the public vulnerability research conducted in the past for the BT Home Hub had been released by GNUCITIZEN, so he decided to share his findings and work with us in this fascinating project.

Confirmed suspicions

Many of us involved in researching the security of wireless home routers have always suspected that routers that come with default WEP/WPA keys follow predictable algorithms for practical reasons. Yes, I'm talking about routers that come with those stickers that include info such as S/N, default SSID, and default WEP/WPA key. Chances are that if you own a wireless router which uses a default WEP or WPA key, such key can be predicted based on publicly-available information such as the router's MAC address or SSID. In other words: it's quite likely that the bad guys can break into your network if you're using the default encryption key. Thanks to Kevin, our suspicion that such issue exists on the BT Home Hub has been confirmed (keep reading for more details!). Our advice is: use WPA rather than WEP and change the default encryption key now!

Brief history of default WEP/WPA key algorithms research

As far as I know, Kevin and james. Wi-Fi home router.
Kevin cracked the algorithm used by Netopia routers which are shipped by Eircom in Ireland and AT&T in the US (the second ISP was never reported, 0day!). On the other hand james. Netgear DG834GT router shipped by SKY in the UK. Unfortunately, james.

The Thomson Speedtouch default WEP/WPA algorithm

Unlike james. 67, Kevin's strategy to crack default WEP/WPA algorithms involves debugging setup wizards shipped by some ISPs, as opposed to debugging the router which uses the default key algorithm. Kevin obtained a copy of such wizard (. Such setup utility allowed him to figure out the default key algorithm. In short we have:

S/N -> hash -> default SSID and encryption key

which can be read as: a hashed version of the router's serial number is generated, which is then used to derive both the default SSID and the default encryption key. This is just a high-level overview of the algorithm. More specifically we have (quoted from Kevin's stkeys tool source code comments): Take as example: . For instance, if the target SSID is . On the other side, a target SSID with only 4 hex digits (2 bytes) such as .

Thomson Speedtouch routers provided by Orange in Spain come with WPA enabled by default. Being able to narrow down the number of possible default WPA keys to only two using Kevin's tool is quite remarkable. In the case of the BT Home Hub in the UK (which only comes with 4. WEP encryption by default by the way), we can narrow down the number of possible keys to about 8. In order to avoid the brute-forcing computation time required by the stkeys tool, I created . Think of it as a rainbow table for cracking the BT Home Hub's default WEP encryption key. Once the list of around 8. For this purpose I created . Unfortunately, in order to prevent abuse, we're not publishing such tools. We tested three different BT Home Hubs, and the attack seems to work fine.

There is one thing that I want to mention regarding this attack when launched against a BT Home Hub: breaking into a BT Home Hub Wi-Fi network which uses default settings (4. WEP) has always been possible in a matter of minutes (if packet injection attacks are used) since the Home Hub was released into the market. Therefore, this predictable-default-key attack doesn't change the current state of the BT Home Hub's Wi-Fi insecurity. It's always been known that BT Home Hub Wi-Fi networks can be easily broken into by cracking the WEP key!

UPDATE: we decided not to publish BTHHkeygen and BTHHkeybf for now, although they might be released at a certain upcoming conference.