Eircom Security Flaw Allows Hackers to Exploit Customers
Eircom has planned to contact 250,000 of its customers regarding a security issue that arose in company's wireless modems. This security problem may allow the hackers to use the wireless connections without the Eircom's account-holders' knowledge. Apart from allowing free access to the Internet, the flaw might also provide a hacker an opportunity to carry out illegitimate activity, which could create problems for the unsuspecting Eircom customer (as he could be traced back).
The security breach is believed to have affected the Netopia 2247 and 3300 series routers.
Wireless broadband systems have always been an easy target because besides the subscribers, other people can also use the Internet connection. Because of the way in which security has been deployed on the products, hackers as well as others with basic computer knowledge are capable of freely using them to access the Internet.
The reason for this is the simple procedure of the connections. The wireless routers exploit a WEP (Wired Equivalent Privacy) security protocol. Anyone accessing the network is required enter 16-digit password, which is created from the router's serial number and some texts that are converted into numerical values.
But since the 8-digit number used to identify wireless network of a particular user is also a resultant of that serial number, anybody with a wireless-enabled PC in30 meters radius could see the identifier.
Apart from this security flaw, WEP itself is criticized for being an easy target to attacks from the hackers. Technical Director of IT security firm RITS, Conor Flynn, believes that the service providers should consider only the Wi-Fi Protected Access (WPA2). WEP is predictable and can easily be hacked. He also added that there are software tools available online which could break any sort of WEP key in a couple of minutes, reported The Register on 2 October 2007.
On the other hand, an Eircom spokesman has asked the customers to change their 4-digit personal security identification number provided with their wireless modems. This is to ensure a basic level of security. However, he also pointed that no wireless system offers complete safety from cyber abuse and that these are only precautionary measures.
» SPAMfighter News - 12-10-2007