14 DAY TRIAL // One of the most popular brands of wireless routers in UK is reportedly allowing outside attackers to connect to your wireless network, then start rummaging through your personal data. The security report has been issued by the ethical hacker group GNUCitizen, that managed to kneel down a "secured" router in a few attempts.
According to the report, the Thomson/Alcatel BT Home Hub wireless router relies on a weak algorithm in order to generate the locking keys for a Wi-Fi network. The router uses Wired Equivalent Privacy (WEP) keys, and a flaw in the generation algorithm allows hackers to predict the keys in 80 attempts.
The ethical hackers group has even managed to write an automated piece of software that guesses the keys, but the application's code has not been disclosed to the public for security reasons. WEP encryption is one of the weakest algorithms for securing a Wi-Fi network, and has lost ground to the stronger WPA encryption technology.
The group's research is based on Kevin Devine's achievements, an ethical hacker that exploits security vulnerabilities, then prompt the manufacturers to issue a fix. According to the GNUCitizen group, the BT Home Hub routers can be cracked using a simple software application.
Moreover, the group also claims that the router is vulnerable even if users pick the WPA encryption protocol instead of the weaker WEP. The algorithm uses the same predictable routine in order to issue the WPA keys, which allows the attacker to guess the pass-phrase.
Furthermore, according to the GNUCitizen group, the router is vulnerable to more types of attacks, such as VoIP hijacking, or even overriding the password-based security measures. The manufacturer issued an update to the highlighted vulnerabilities in a short time.
According to BT spokesman Adam Liversage, the manufacturer is aware of the security flaws in its products, and the company strongly advises its customers that they should change the default security protocol to WPA with a random key.