How to crack the UPC router: the default WPA2 password is generated from the MAC address

9 years ago


The way to secure your wireless network is to use WPA2. So far there has been no attack that would in any way allow access to a Wi-Fi network using this particular protection. If the password is strong and the side gate, Wi-Fi Protected Setup (WPS), is turned off, unauthorized persons have no way to get in. The exception is that WPA2 does not help on a router well known to UPC network users: the UBEE EVW3226.

Czech hackers belonging to the group yolosec recreated the algorithm that generates the default network name and password on these routers, and this in turn allowed them to break into networks where the defaults had not been changed.

A weakness in UPC routers was already known. A hacker using the nickname blasts discovered the algorithm that generates WPA2 keys on Technicolor routers, and then offered a fairly simple web-based service so that everyone could "recover" the key for themselves. Those routers are susceptible because they generate the default SSID and password from the device ID, so the algorithm ran through all possible IDs, looked for the ones whose SSID matched, and presented a list of possible passwords.

Thankfully the previous routers are gone, and this type of attack did not work on the new ones. Some time ago UPC also began offering its customers the UBEE EVW3226, and that device fell victim to the Czech hackers' curiosity. Everything was made simpler by how easy it was to get root: it was enough to connect a memory stick with the appropriate name (EVW3226). The system would then run any script on the media named .auto, with root privileges.

This method of attack is quite simple: with physical access, the password is easy to obtain.

However, a wireless attack is also possible (it took a little digging in the Linux system, dumping the firmware and then analysing the code in assembly language). In this way the hackers were able to find out how the default WPA2 password is produced: there was something called GenUPCDefaultPassPhrase. Its input is the MAC address (BSSID), slightly processed (a byte is added that specifies the type of network, 2.4 GHz or 5 GHz).

Then the MAC address is processed several times with the MD5 hash function (it is not exactly clear why, because more does not always mean better) in order to derive several different output strings (SSID and password). In the end the result was mapped onto a 26-character alphabet, producing a sequence that consisted of letters from A-Z and numbers (in the format used for UPC router passwords).

Another find, quite a surprising one: a filtering function whose task was to check the generated code against a blacklist of obscenities (the idea being not to generate an offensive password that would then reach the customer). Unfortunately, this by itself somewhat weakens password strength.

The generator's code is available on GitHub, and a web-based service is running (it takes a MAC address and returns the password).

Is it possible to somehow protect against this? In general, the scale of the threat is not small. While walking around a housing estate the hackers recorded 17516 wireless networks, of which 2384 came from UPC routers. 443 of them were susceptible to an attack from outside. Only 97 potentially vulnerable routers had a changed SSID and password.

A reminder to all users: do not leave the default network names and passwords in place. Changing them is the first thing you should do after starting the device. A UPC spokesman issued a statement saying that users will soon automatically receive new firmware for their routers, which will encourage them to change the default password when the device is first started.

We hope that the new firmware will provide a much more effective way of generating default passwords, and that people will want to change them.
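As an added illustration (not code from the original post or from the researchers), this Python sketch shows what a sounder default-password generator looks like: every device gets a value from a cryptographic random source instead of one derived from the broadcast MAC address, and the cost of an obscenity blacklist is counted exactly. The passphrase length of 8 and the three blacklisted words are assumptions made for the example.

```python
import math
import secrets
import string

ALPHABET = string.ascii_uppercase      # 26 letters, as in the format described above
LENGTH = 8                             # assumed passphrase length
BLACKLIST = ("DAMN", "HELL", "CRAP")   # constructed stand-in for a firmware word list

def count_allowed(length, banned=BLACKLIST, alphabet=ALPHABET):
    """Count the strings of the given length that contain no banned word."""
    # A state is the longest suffix of the text so far that is also a
    # prefix of some banned word (the idea behind Aho-Corasick matching).
    prefixes = {w[:i] for w in banned for i in range(len(w) + 1)}

    def step(state, ch):
        s = state + ch
        while s not in prefixes:       # "" is always a prefix, so this ends
            s = s[1:]
        return s

    counts = {"": 1}
    for _ in range(length):
        nxt = {}
        for state, n in counts.items():
            for ch in alphabet:
                s = step(state, ch)
                if any(s.endswith(w) for w in banned):
                    continue           # a banned word was just completed
                nxt[s] = nxt.get(s, 0) + n
        counts = nxt
    return sum(counts.values())

def entropy_bits(length=LENGTH, banned=BLACKLIST):
    """Bits of secrecy in a uniformly random allowed passphrase."""
    return math.log2(count_allowed(length, banned))

def random_default(length=LENGTH, banned=BLACKLIST):
    """Per-device random default; rejection sampling keeps the draw uniform."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not any(word in candidate for word in banned):
            return candidate

if __name__ == "__main__":
    full = LENGTH * math.log2(len(ALPHABET))
    print(f"no filter: {full:.5f} bits, with filter: {entropy_bits():.5f} bits")
    # A default computed from the BSSID has no secret input at all:
    # anyone in radio range sees the value it was derived from.
    print("sample random default:", random_default())
```

With these sample values the blacklist removes a tiny fraction of a bit, while a default computed only from the BSSID has no secret bits however many hash rounds are applied.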
