When Will UK ISP's Learn?
What with BT Shipping all home hubs with only wep, and now Sky:
Sky Broadband advises customers to consider changing their default Wi-Fi passwords - because the apparently random network keys are guess-able.
The ISP issues customers with a wireless router that is pre-configured with wireless security switched on, and an apparently random network key. This sounds like a good plan. However, the key is based on the router's MAC address, which is broadcast "in the clear" - i.e in unencrypted form.
Reg reader James, who brought the issue to our attention, said that getting the MAC address is trivial and working out the algorithm that links it to a network key is "not exactly rocket science".
Well I suppose it's still a step in the right direction, compared to most ISP's and wireless router manufacturers, worldwide, shipping wireless routers absolutely wide open!
I was under the impression all the SKY routers shipped were WPA by standard?
Yes, they are.
Originally Posted by Andy90
What the report is saying is that Sky use a simple algorithm to generate a WPA passphrase based upon the mac address.
It's an unfortunate method to choose, but it's still got to be better than a "factory default" wide open box like most manufacturers and ISP's provide to the market.......
They also use custom firmwares which remove the login details section from the manufacturers web-based config utility.
The only way to obtain the username or password (even for the owner) is through an html injection technique.
Right yes sorry, I read that thread to say "BT ship only WEP and now do so sky", sorry my bad read it wrong.
A friend of mine is waiting on her Sky router to come in the post, I'll see if I can figure it out.
man here ISP recommend against any security so the noobies can leave their helpdesk alone of "i cant figure this out.." calls
I have got 2 spare sky routers which i am prepared to give the mac address and wpa key to someone if they think they can work the algorithm out
Have a search for the Eircom WEP key issue, that did the same thing.
Used weak cypher of the MAC + SSID + quote from a Jimmy Henriks IIRC.
I'm to tired to find the link, but will edit in the morning.
Originally Posted by woody565