Posts Tagged FIOS

Verizon FIOS WEP belong to us

I deal with computer security almost every day and just found one of the most shocking lapses in judgment by a major corporation I have ever seen.It will have a huge effect on many of readers of this blogs security for quite a while to come.

Lets boil it down for those non-nerds. If you have Verizon FIOS and they installed your modem/router (comes with the service) your WEP key is being broadcast through out the neighborhood. The secret code to connect to your internet is being sent to everybody in your neighborhood…. wow.

Now for some details. If you have ever fired up your computer in a neighborhood, likely you have seen the new 5 character (example;  H6196, 9RHUN) wireless clouds that pop up anywhere Verizon has FIOS. This SSID is unique and helps you find your wireless cloud. Verizon decided that since they were doing all this work in setting up peoples wireless access points, why not use the MAC address of the modem and generate SSID based on this. This is a OK idea but then ,as per normal for any large corporation, decided to shoehorn the idea into every aspect of the situation. They then used the MAC address to generate the WEP key.

Any user of Network Stumbler or Wireshark knows that the MAC address is broadcast along with the SSID. You take that 5 charicture SSID, run it through the java script WEP calculator at (http://fioswepcalc.webs.com) and you will likely end up with the WEP key of most all your neighbors wireless networks.

Screenshot

Security through Obscurity has been the modus operandi since the start of computers. At some point, if computers systems are to continue, companies that endanger their clients, lose clients data or expose clients to data theft, will have to be held accountable for poor security.

In real life trials, only half of the FIOS WEP keys were valid.

, , ,

No Comments