Vodafone has been aware of the issues since December 2012

Aug 6, 2013 11:46 GMT

Germany’s Computer Emergency Response Team (CERT) warns Vodafone customers who use EasyBox 802 and 803 DSL routers manufactured by Arcadyan / Astoria Networks that their devices can be easily compromised by hackers.

The alert is based on research performed by Australia-based SEC Consult, which has found that the WPS PIN on Vodafone EasyBox 802 and EasyBox 803 routers (produced before August 2011) is generated based on the MAC address and the serial number of the device.

“The serial number can be derived from the MAC address. An unauthenticated attacker within the range of the access point can capture the BSSID (eg. from 802.11 Beacon Frames) and calculate the default WPS PIN for it,” SEC Consult reports.

Germany’s CERT warns that cybercriminals can exploit this vulnerability to gain access to internal networks and steal information.

Vodafone was notified of the security hole back in December 2012, but so far no patches have been released. After the media picked up the story, the telecoms company told Der Spiegel that it is working on firmware updates for the affected devices.