From the folks at security think tank GNUCitizen comes yet another demonstration of the insecurity that's present by default in the UK's most popular home broadband router. By default, the BT Home Hub, which is manufactured by Thomson/Alcatel, uses a weak algorithm to generate keys used for locking down a Wi-Fi network. So weak …
One of the things that was mentioned above is hiding your SSID - but surely if you're going to be hacked they really don't need this anyway. And if you do have an obvious SSID (such as an address) any friendly tech can at least easily find you and maybe help fix it?
As you didn't ask, I use:
-MAC address filtering
-default router password changed
-obscure model of router
That should do the trick shouldn't it?
But I want to be Open
I actually want to have an unsecured wireless access point to provide a public service for passing phones, DS'es, laptops even. It's easy to set the hardware up so my own network (including another wireless AP but with WPA2) is seperate from it. Is there any way to sensibly achieve this? Do I need hotspot software? RADIUS?
-WPA PSK (how long is the phrase you used? Ideally 20+ chars and not dictionary-friendly. Using WPA2, if its available? )
-MAC address filtering (fairly trivial to bypass for any non-casual hacker - basic sniffer and MAC-spoof capable card needed)
-default router password changed (great, its amazing how often they do this and yet WEP is the old horse that gets beaten to death by the news rags)
-obscure model of router ( sure why not )
-(hidden SSID) (utterly trivial to bypass/learn with a sniffer because legitimate clients must specify the SSID in plaintext in probes and associates; it is only useful to hide this to prevent it from being identified in the Windows Wireless Networks list where the slobbering masses can see it and try to connect)
Forgot: Change the default SSID!!! The SSID can often tell hackers clues about the router brand, the ISP, and even the serial number. Changing it does more for anonymizing you than hiding it. Assuming you're not making it into your full name or SSN.
Bottom line, WPA-PSK (esp WPA2) with a good key is about as robust as you can get for home use. If they are as capable and determined to crack that, none of the other Mickey Mouse security is comparable. As people have pointed out, they don't ship WPA default because of backward compatibility issues with all the old WEP crapola.
The reason routers don't default/force people to be secure is because of resulting tech support costs.
By defaulting to no security (as all devices I have purchased do), they make the installation easy. If someone gets into trouble they can just poke the "factory reset" thingummy and generally get going easily.
As others have noted, many/most home setups just run unsecured networks.
- Vid Hubble 'scope scans 200,000-ton chunky crumble conundrum
- Bugger the jetpack, where's my 21st-century Psion?
- Google offers up its own Googlers in cloud channel chumship trawl
- Interview Global Warming IS REAL, argues sceptic mathematician - it just isn't THERMAGEDDON
- Apple to grieving sons: NO, you cannot have access to your dead mum's iPad