Security researchers Jakob Lell and Jörg Schneider claim that the default WPA2 passwords used by many Belkin routers can be easily guessed by an attacker who knows the device’s WAN MAC address.
A number of Belkin wireless routers ship with a default WPA2 password to protect network connections. The apparently random passwords are printed on a label on the bottom of the router.
In theory this approach should be more secure, because the password is likely stronger than what many users would set themselves. It turns out, however, that the random passphrases aren’t so random.
The researchers have determined that the password is based on the device’s WAN MAC address. Since this information is not so difficult to obtain, a remote attacker could easily break into a targeted network, provided that the default configuration is still in use.
The default password consists of 8 characters, which can be determined by replacing each hex digit of the WAN MAC address with another value from a static substitution table.
Several device models are affected, including Belkin N450 Model F9K1105V2 and Belkin Surf N150 Model F7D1301v1.
The experts claim to have contacted Belkin back in January, but since they haven’t received any response, they’ve made their findings public. In the meantime, they advise users to change their default passphrases to something stronger and therefore more secure.