Sky slips up on default Wi-Fi passwords

 

Gallery

By Matthew Sparkes

Posted on 21 Feb 2008 at 11:58

Sky Broadband routers may be vulnerable to a security hole, unusually caused by human error rather than a design flaw.

The default password on a router commonly shipped to customers is generated from the unit's MAC address - a value which is openly broadcast on the network, unencrypted.

"In the case of the V1 router, it's generated entirely from the router's MAC address, which of course is broadcast in the clear, so when you pick up someone else's Sky wireless network, getting the WPA password is pretty easy," says James67 on the SkyUser support forums.

Theoretically, anyone who discovers the algorithm for generating the passwords would gain access to any Sky Broadband Wi-Fi network where the customer has not changed the default security settings.

"To improve your security even further we recommend you change the default password by following the steps below," advises a page on Sky's website, which provides instructions to users on how to change the WEP password on their router.

The problem only affects the rebadged Netgear DG834G router that Sky supplies.

Sky was unavailable for comment at the time of writing.