Those with a BT Home Hub — and there are a lot of them, as it’s currently the most popular DSL router in the UK — might be sleeping a little less soundly tonight following the claims of an ethical hacking group, GNUCitizen, to have found a way past its wireless security.
Rather than getting all hardcore and going into details of how it came about, we’ll give you the overview.
How it came about
A little while back Kevin Devine, an independent security researcher, reverse engineered the default WEP/WPA key algorithm used by some Thomson Speedtouch routers that are built into BT’s Home Hub.
To make sure the average citizen has some level of protection for their wireless, BT’s Home Hub uses default WEP/WPA keys.
BT clearly recognised that having non-techs set their own WEP/WPA keys would be a disaster, as it involves typing in a long string of hex numbers – a pretty messy business at the best of times.
Using default keys gave protection, but avoided endless support calls from confused customers.
The wireless security keys are not the same for each Home Hub — a welcome move that you’ve got to lift your hat to BT about — each Home Hub has its own automatically-assigned default set of keys.
Sadly, it appears that an algorithm is used to generate these keys, and that this algorithm uses the unit’s serial number to generate them.
As GNUCitizen explain it, “a hashed version of the router’s serial number is generated which is then used to derive both, the default SSID and the default encryption key.” Hashing just means the application of some maths to the serial number, and the SSID is the ‘name’ the wireless router calls itself by.
GNUCitizen has written a set of tools to help them, named BTHHkeygen and BTHHbf. Wisely they’ve decided not to publish them — they normally publish all other research — for fear that they might be abused.
If all of this is correct, BT could have a massive job on their hands in getting their customers to change their WEP/WPA keys.
It could be seen as pretty remiss if BT know about this, but fail to alert their broadband customers. If this group of hackers has written tools, it means others could do the same.
We’ve contacted BT, who will be sending us a statement – as at publishing, it hasn’t arrived.