I’ve just got back from a couple of weeks holiday – a rare opportunity to spend some quality time with my wife and sons. Over that time, blogging has taken a back seat – although I had taken my laptop with me it was on the basis that it was somewhere to back up the digital photos and anything remotely work-related was strictly banned… but I’m an Internet junkie and I just had to get online.
Turning on the laptop revealed weak signals from a number of free wifi providers in the area with names like “Netgear”, “Linksys” and “D-Link”. Of course, these were unsecured access points using default configurations but more worrying were the wireless networks that Windows Vista classed as security-enabled, named “BTHomeHub-xxxx“.
The BT Home Hub is a popular ADSL router in the UK and, although I’ve never used one, judging by what I saw WEP appears to be the default configuration (I certainly didn’t find any evidence of anybody using anything else) – BT Home Hub users should be made aware that wired equivalent privacy (WEP) is by no means secure and can be cracked very quickly, as Michael Ossmann details in his WEP dead again articles part 1 and part 2 and as Steve Gibson explained in episode 89 of the Security Now podcast (transcript).
I should stress that I did not use any of the methods that Mike or Steve describe to hack into anybody’s network but I was tempted. Next time I may even give it a try… all in the name of security research of course.