• ARRSE have partnered with Armadillo Merino to bring you an ARRSE exclusive, generous discount offer on their full price range.
    To keep you warm with the best of Merino gear, visit www.armadillomerino.co.uk and use the code: NEWARRSE40 at the checkout to get 40% off!
    This superb deal has been generously offered to us by Armadillo Merino and is valid until midnight on the the 28th of February.

BT Broadband security risk

#1
Seems BT Homehub has a few vulnerabilities! I would suggest that any subscribers from Arrse might want to look very closely at the way it’s set up and ensure it is not left on default settings

Link
 
#4
Like the article indicates "its the determined hacker" who will get in, if you know what your doing with the right tools.

If you feel you have sensitive information on your PC/LAPTOP, password protect the files and folders, but to be really safe back up data and documents to separate drive (external) and only use when you need too. (its common sense but will help reduce attacks and fraud
 
#6
Gent's

Just spent a happy half hour cracking the next door neighbour (with his permission!) He was the one banging on the door this morning to show me the article. Took about two mins to do his wireless and a further 10 to gather some info on what was on the other end of his network. All done with freely available tools from the net. Only took a few mins to secure it properly. I'm sure it's not just a BT issue but advice is whatever your ISP provides in the way of wireless connectivity, change it from the default settings and ensure a strong password is set.
 
#7
squiffy_parsons said:
Reading the article it would seem that the homehub is as much a security risk as many other users of other types of hub/router.
That is exactly true. Not everyone will have a wireless card that can use WPA. Although WEP can be cracked, it is still better than not using any encryption.

There are many other ways to secure your wifi access point, MAC authentication, no broadcast SSID, etc.
 
#9
msr said:
jinxy said:
There are many other ways to secure your wifi access point, MAC authentication, no broadcast SSID, etc.
That's not strictly true...

msr
They are methods of security, yes MAC can be spoofed, yes there are tools that will find your network if SSID is not broadcast.

But then WEP and WPA can both be broken given time and effort.
 
#12
jinxy said:
msr said:
jinxy said:
There are many other ways to secure your wifi access point, MAC authentication, no broadcast SSID, etc.
That's not strictly true...

msr
They are methods of security, yes MAC can be spoofed, yes there are tools that will find your network if SSID is not broadcast.

But then WEP and WPA can both be broken given time and effort.
Defence in depth is always the best option, Not broadcasting SSID, Mac association and encryption are all tools in the armoury and should be used in conjunction with each other and not as a sole form of security. AAA, Radius, TACAS+ some other tools in the armoury depending on the size of network you look after.
 
#14
Idiot luddite question

Using a wireless network that says "Unsecure"

How risky is this and how can I beef up the security a bit, (A step by step would be appreciated)
 
#15
thegimp said:
Idiot luddite question

Using a wireless network that says "Unsecure"

How risky is this and how can I beef up the security a bit, (A step by step would be appreciated)
when a wirless is unsecure it really is an open safe with the crown jewels on show ready for the taking.

drop me a PM with what type of router you have and we can try and put something together which should improve security.
 
#18
Bravo2nothing said:
Cain and Able coupled with a Ubiquiti wireless card and nobody using wireless is safe.

www.oxid.it/cain.html

BT Home Hub is an invitation to be exploited, whilst it's not noted on this website, many other routers are. Check out the default passwords used here!!

http://defaultpassword.com/?action=dpl
The only time you can crack the pre-shared key is if it is a dictionary word or relatively short in length. If you want to have an nigh-on unbreakable wireless network at home, use WPA/WPA2 and a 63 character password composed of random characters including special symbols.

msr
 
#19
great stuff, I've changed by laptop to WPA and now it won't connect to the internet. It says the details (re wireless network)do not match those stored on the computer. Bugger
 
#20
msr said:
Bravo2nothing said:
Cain and Able coupled with a Ubiquiti wireless card and nobody using wireless is safe.

www.oxid.it/cain.html

BT Home Hub is an invitation to be exploited, whilst it's not noted on this website, many other routers are. Check out the default passwords used here!!

http://defaultpassword.com/?action=dpl
The only time you can crack the pre-shared key is if it is a dictionary word or relatively short in length. If you want to have an nigh-on unbreakable wireless network at home, use WPA/WPA2 and a 63 character password composed of random characters including special symbols.

msr
Agreed. However the key is normally the weak link as the key is based upon a name, number or something that is easily remembered. Creating a rainbow file for the brute force attack takes time but that is something hackers have a lot of.

As long as there are articals such as this on the internet, it makes the process straightforward and the only real skill required is searching on Google.

http://harrychanputra.wordpress.com/2007/05/16/tutorial-how-to-crack-wpawpa2/
 

Latest Threads

New Posts