Skip to main content

BT's WiFi router easily hackable, says Whitehat hacker

Ethical hackers at GNUCitizen.org have found out that the encryption used in one of UK's most popular wireless routers is so weak that the keys can be guessed in just 80 tries on average.

In a short entry (opens in new tab) posted on their blog, one of the members of the Security think tank, Kevin Devine, reverse-engineered the default WEP/WPA key algorithm used by some Thomson Speedtouch routers which includes BT's Home Hub, Orange, O2 and Bethere as well (see picture below).

He was able to devise an application that can automate the guessing process but has not released it for security reasons.

The issue arises because information such as the router's mac address and the SSID are already available and the default key used on those routers follow a certain algorithm.

GNUCitizen's advise is to use WPA (Wi-Fi protected access) rather than WEP (wired equivalent privacy) encryption as well as changing the default encryption key as soon as possible.

As Ethical hackers, GNUCitizen also released the WEP/WPA algorithm which means that criminals could use this information to target potential victims; which is made altogether more easier as by default, most ISPs leave their name in the router's identification tag.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.