BT Home Hub Vulns

April 15, 2008

The BT Home Hub, manufactured by Alcatel/Thomson, uses such a weak algorithm to generate its WEP key that the key can be cracked in little more than 80 iterations. This is easily achieved with a tool such as Weplab, for example.

Weplab tries to break the WEP key using several known attacks:

  • Bruteforce: trying to brute force the key. It is also possible to restrict the key-space by trying only a small customizable subset such as 7F:7F:7F… if you are looking for, for example, a plain ASCII key.
  • Dictionary: using a dictionary of words or pass phrases and trying each one as the key in plain or MD5 form. Weplab relies on John The Ripper to generate the words, so you can take full advantage of all its options.
  • Statistical attacks: using the FMS attack without restricting it to the classic A+3,FF,x form (as most WEP crackers do), instead examining all IVs in depth to see whether they are weak, and attacking both the first and the second byte. The latest versions of Weplab include the amazing Korek’s attacks, which make FMS obsolete. Using these new attacks it is possible to crack a 64-bit key from 100.000 packets and a 128-bit key from 300.000 packets. Forget everything about interesting or weak packets. Korek’s attacks change everything. And, as far as I know, there is no patched firmware yet!
