back to article Hexing MAC address reveals Wifi passwords

The default WPA2-PSK passphrase used in some Belkin routers simply replaces a character of the device’s MAC address with another hexadecimal character, according to security blogger Jakob Lell. Lell describes the situation as follows: Each of the eight characters of the default passphrase is created by substituting a …

COMMENTS

This topic is closed for new posts.

Excellent!!! Mwahahahaha!!

2
0
Silver badge

Just wondering

Isn't a MAC address usually notated in hex anyway? Why would you need to convert it into hex unless your software is retarded and gives you decimal notation, or 64 1s and 0s?

4
0
Silver badge

Re: Just wondering

Yes, every MAC address I've ever seen has been in hex. However, it may be that some manufacturers have started using decimal notation; but that would be weird because surely MAC address entry fields all use hex?

0
0

Re: Just wondering

@M Gale

Yeah I agree, but I was also confused when it said it takes a _few minutes_ to convert it into hex. This can't just mean converting a decimal number into hex, surely.

1
0
Silver badge

Some models even advertise their MAC address on the case of the device!

The horror!

13
0
Silver badge

Re: Some models even advertise their MAC address on the case of the device!

Yeah... I thought that was a bit of a silly complaint. Some routers also allow you to attach a wired network device with no authentication! Protecting a system from someone with physical access is damn hard. I think they did the sensible thing by not trying.

The part where the password can be derived from the MAC address on the other hand... not so smart.

10
0
Silver badge
Holmes

Re: Some models even advertise their MAC address on the case of the device!

And those models with a helpful label showing the MAC address usually print the default WPA keys, so to ignore that, read the MAC address on the label and hash it seems a bit of a strange task indeed...

7
0
Gold badge

Re: Some models even advertise their MAC address on the case of the device!

My thoughts entirely.

Dunno why that was in the article as it's irrelevant. The important bit is that you can get the MAC from the device remotely so whether it's printed on the side or not makes no odds, you don't need physical access to get into it if the key can be deduced from the MAC.

2
0
Anonymous Coward

Re: Some models even advertise their MAC address on the case of the device!

Every piece of equipment with a network interface I have ever seen has a label on it with the MAC address.

The reason for this is simple. It is so when you attach it to your network you can add the MAC address to any permission tables and/or DHCP servers needed to give the equipment access to your network.

3
0
Linux

Re: Some models even advertise their MAC address on the case of the device!

Every piece of networking equipment has a MAC address, this is a public bit of info (meaning this is broadcasted if you are in range/plugged into that network)

This is because network cards communicate to each other with their MAC addresses on a switched network. Not by their IP. OSI model..

The Wireless MAC is broadcasted with the SSID, this is how your wireless device CAN (but usually doesn't) see the difference between two APs with the same SSID.

1
0
FAIL

Well, at least the source article doesn't try to say you have to convert a MAC address into hex.

On the down side, it also brings up the fact that these passwords are also ridiculously easy to crack since they too remain in HEX.

I can think of dozens of simple methods using even just the MAC address that could result in very complex passwords involving any key on the keyboard.

Instead, they have a total of just over 4 billion possible passwords ( 8.5 billion on some models )...making a brute force easy. A standard PC is looking at less than a single day in the worst case.

0
0
Anonymous Coward

> I can think of dozens of simple methods using even just the MAC address that could result in very complex passwords involving any key on the keyboard.

Any method you came up with that was based upon the MAC address would be susceptible. Once the algorithm was known it would expose all passwords created with that method. For example, if your method involved an MD5 hash of the MAC address with a key on the keyboard (although Belkins don't have keyboards) this would only result in 102 possibilities.

> Instead, they have a total of just over 4 billion possible passwords ( 8.5 billion on some models ).

Where do you get the 4 billion from? 4 billion is 32 bits but a MAC address is 48 bits so it can't be the MAC address space. The first 24 bits of a MAC address are used to identify the manufacturer which means the search space would be 16.7 million for each address block assigned to Belkin.

2
0
FAIL

Verizon routers same

The Westell DSL router 704wgb was the same: just change the last char for password.

15 tries max. lol.

And why not change the password?

Verizon loved to reset the box so you gave up changing it and the SSID

Twice in one day was the worst.

Twice in one week normal.

I have two in the junk box

0
0
Anonymous Coward

Re: Verizon routers same

Which MAC?

Wireless or Fixed? If it is wireless then this is a serious security flaw. If it is the fixed Ethernet MAC on the home side, its impact is nearly zero.

0
3

This post has been deleted by its author

Silver badge
Paris Hilton

Re: Verizon routers same

"Which MAC? Wireless or Fixed? If it is wireless then this is a serious security flaw. If it is the fixed Ethernet MAC on the home side, its impact is nearly zero."

That can't be faulted. We usually call this kind of user/machine systems the "gorm-free zone" ("the zone" for short), for obvious reasons. IT professionals of that grade are in constant demand. I wish I could make it to "the zone". I would get a higher salary, to start with.

1
0

Re: Verizon routers same

Just looked in junk box. These are Actiontecs with the default WEP key made from the last 10 characters from the WAN MAC and seem to remember WEP sends the WAN MAC in the packet headers. Must be another Verizon router that changes the last character.......

BTW a lot of RoadRunner modems (that's Time Warner) are open as default.

1
0

Re: Verizon routers same

> Wireless or Fixed? If it is wireless then this is a serious security flaw. If it is the fixed Ethernet MAC on the home side, its impact is nearly zero.

A significant number of devices have only a single digit difference between wireless and ethernet interface. The AP I use (not a Belkin) uses the same MAC for the wireless and ethernet interfaces. Only secondary (VLAN) wireless IDs have a totally different MAC assigned.

0
0

Simple fix, but...

> The good news is that users need only change the password to make the poorly-coded default codes irrelevant.

Well, yes, but it doesn't inspire confidence that they've not made other similar blunders that affect users' security.

0
0
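
A defender-side check that follows from the comments above, added here as an example and not part of any post or of any vendor's code: it flags a configured key that is still hex-only or still recognisably built from the device's MAC address. The function names, the 64-bit threshold and the sample MAC are assumptions made for this illustration.

```python
import re

def mac_digits(mac: str) -> str:
    """Normalise 'AA:BB:..' or 'aa-bb-..' notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def neighbours(mac: str, spread: int = 2) -> list[str]:
    """The MAC itself first, then adjacent values (wired and wireless
    interfaces on one device often differ only in the last digit)."""
    base = int(mac_digits(mac), 16)
    offsets = sorted(range(-spread, spread + 1), key=abs)
    return [f"{(base + d) % (1 << 48):012x}" for d in offsets]

def audit_psk(psk: str, mac: str, min_bits: int = 64) -> list[str]:
    """Findings that suggest the key is a MAC-derived or hex-only default.
    This is not a general password-strength meter."""
    findings = []
    if not re.fullmatch(r"[0-9A-Fa-f]+", psk):
        return findings
    key, bits = psk.lower(), 4 * len(psk)   # hex: at most 4 bits per character
    if bits < min_bits:
        findings.append(f"hex-only key: at most {16 ** len(key):,} values ({bits} bits)")
    cands = neighbours(mac)
    hit = next((c for c in cands if key in c), None)
    if hit:
        findings.append(f"key is a substring of MAC {hit}")
    elif len(key) <= 12:
        def one_off(c):  # same as the MAC tail except for exactly one character
            return sum(a != b for a, b in zip(key, c[-len(key):])) == 1
        near = next((c for c in cands if one_off(c)), None)
        if near:
            findings.append(f"key is one character away from the tail of MAC {near}")
    return findings

# Constructed sample values, not taken from any real device.
SAMPLE_MAC = "00:11:22:AA:BB:CC"
if __name__ == "__main__":
    for psk in ("1a2b3c4d", "1122aabbcc", "22aabbc7", "correct horse battery staple"):
        print(psk, "->", audit_psk(psk, SAMPLE_MAC) or "no MAC/hex pattern found")
```

An empty result only means none of these patterns matched; it says nothing about the overall strength of the key.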

Silver badge

I put a HEX on you

Behcohohohoz you're... MIIIIINE!

Huhaha huhaha huaha

(Apologies to "Screamin'" Jay Hawkins)

1
0
Pint

Security, what's that.

Was at a mate's house last week and he challenged me to get into his Wi-Fi network, had a domestic D-link router.

No problem says I picking up the router and holding in the reset button....

The simplest solutions are often the best....

5
0
Anonymous Coward

Re: Security, what's that.

Any device an attacker has physical access to is already compromised.

0
0
Anonymous Coward

Belkin, people still use their crap?

1
1
Anonymous Coward

I suppose you would rather use NetGear

or D-Link?

0
0

Re: I suppose you would rather use NetGear

I would rather use D-Link or NetGear than the total POS Belkin is. They are professionals at making gear that sucks. I have a DWL3200 AP that's served me well for years. Only real issue I've had with them is if they get too hot they lose their NVRAM settings.

0
0
Anonymous Coward

Uh, what default password?

Admittedly, I've never worked with a Belkin router, but with every kind of WiFi device I've worked with, you have to specify the WPA2-PSK password when you tell the device to, well, use WPA2-PSK encryption. And, of course, it has to be the same both for the router and for the device you attach to it. So, it doesn't make sense to have some kind of default password that is a weird string of characters on the router - you have to know what the password is, in order to specify it for the device you're going to connect to it, so why not just specify it for the router, too?

A much bigger problem is that many routers default to the insecure WEP encryption, or that they have a default password (specific for the model; I mean, it is the same for all devices of that model) for their settings - which most people never bother changing.

0
6
Silver badge
WTF?

Re: Uh, what default password?

Have you worked with *any* domestic router???

1
1
Holmes

Eh?

The _default_ password on a domestic router is easy to guess.

Please could somebody let me know why this is news?

0
1
Anonymous Coward

Re: Eh?

Encryption key, yeh they're not usually overly strong when shipped out but the fact you can mathematically calculate the key from information being broadcasted to you means that this is broken.

1
1
Gav
Holmes

oxymoron

The phrase "default password" is an oxymoron. If it is default it is totally insecure. If it is totally insecure it is not performing the function of a password.

1
0
Headmaster

Re: oxymoron

I don't disagree with what you're saying, but it definitely isn't an oxymoron.

To be an oxymoron the two words must have opposite meanings. The definition of password is a secret string for auth, the definition of default is not the opposite of that.

</pedant>

1
0
Anonymous Coward

Your password is probably already in Google's "cloud" in any case...

...if you use a Google Nexus tablet and perhaps other Android devices, your (cleartext) WiFi password is uploaded and stored on Google's servers - for your convenience, naturally - along with (presumably) other information such as the manufacturer (from MAC address), geographic location (from GPS) and so on. Quite a handy database, especially for hackers...

1
1

Re: Your password is probably already in Google's "cloud" in any case...

Link? Had a quick search but can't seem to find reference to that anywhere.

Sure, the connection password is stored in plaintext on the phone/tablet (how do you plan to authenticate with a hash?) but I can't find any reference to it being sent to Google.

Would make interesting reading if true, but I get the sense it's hyperbole

1
0
Anonymous Coward

Re: Your password is probably already in Google's "cloud" in any case...

This happens if you link your Google account to the device. They are not hiding anything - it's mentioned somewhere in the small print of the options you are asked to approve during setup.

There are many links online - search for "google account wifi password" or similar, for example:

http://androidforums.com/android-applications/382763-wow-google-stores-your-saved-wi-fi-passwords-cloud.html

0
0
Anonymous Coward

Re: Your password is probably already in Google's "cloud" in any case...

If you choose to back up your Android device to Google it will store it; if you choose not to, it won't. It asks you first. However, whether it is stored in plaintext or not, I don't know.

1
0
Facepalm

Ah - But.....

...Will the Belkin router stay working long enough for the hacker to work out the key?

My last one (a free replacement for the first faulty one) only lasted about an hour. I did not bother installing the 2nd free replacement. Used a Netgear instead.

2
0
Anonymous Coward

Pwning someone else's network would be handy. My home broadband is shite.

0
0
Pirate

Your home broadband is probably shite because somebody has pwnd it.

As far as domestic routers go only the newer Sky boxes and third generation BT hubs are putting up any resistance in the UK.

0
0
Anonymous Coward

ISP-provided, but WPA2 with non-default SSID and key.

0
0
Facepalm

Who's complaining?

Basing a password on anything obvious-when-you-know-about-it is silly, but at least this is several obscurity steps beyond using the manufacturer's name. And how about "admin .. password" for the admin web login?

The real security scandal is not changing default passwords, whatever they are. There is no-one to blame but ourselves.

0
0
Coffee/keyboard

ROFLCOPTER

What a joke of an article, I suggest the author "Simon Sharwood, APAC Editor" find a hole and jump into it, sharpish.

0
0