News

[PSUs]

Thursday 21st February 2008

Sky slips up on default Wi-Fi passwords 12:46PM, Thursday 21st February 2008

Sky Broadband routers may be vulnerable to a security hole, unusually caused by human error rather than a design flaw.

The default password on a router commonly shipped to customers is generated from the unit's MAC address - a value which is openly broadcast on the network, unencrypted.

"In the case of the V1 router, it's generated entirely from the router's MAC address, which of course is broadcast in the clear, so

ADVERTISEMENT

when you pick up someone else's Sky wireless network, getting the WPA password is pretty easy," says James67 on the SkyUser support forums.

Theoretically, anyone who discovers the algorithm for generating the passwords would gain access to any Sky Broadband Wi-Fi network where the customer has not changed the default security settings.

"To improve your security even further we recommend you change the default password by following the steps below," advises a page on Sky's website, which provides instructions to users on how to change the WEP password on their router.

The problem only affects the rebadged Netgear DG834G router that Sky supplies.

Sky was unavailable for comment at the time of writing.

Matthew Sparkes

Submit to: Digg | Slashdot | Del.icio.us | Technorati

Read comments: 4

Add comments

Email a friend