Eircom, the Irish ISP that agreed to disconnect alleged file-sharers at the behest of the music industry, has thousands of customers still exposed to a serious security hole. The flaw, which affects up to 250,000 subscribers, could mean they are wrongly accused of something they didn’t do. Thanks to Eircom, they may now lose their Internet connection. Back in 2007, Eircom was supplying Netopia wireless broadband routers to its customers. Certain models (2247 and 3300) had only weak WEP encryption enabled which is easily hacked if you know how. But even worse, the network encryption key supplied to the customer was an Eircom-generated one, a choice which was set to cause many potential security problems. Unfortunately for Eircom and its customers, it didn’t take long for their setup to be exploited. Aside from standard WEP-crack apps, several pieces of software became available on the web to instantly crack the protection on these routers. Within seconds, the software allows anyone to access an Eircom customer’s connection without permission. All it takes is a simple scan for wireless networks in the area, select one of the available Eircom routers (they are easily spotted) and enter the discovered SSID into the software. The applications instantly return the router’s WEP key. In just moments, anyone within wireless range can be abusing the connection by doing, well, just about anything.
Anyone with one of these routers could simply claim they have been the victim of a hacker and Eircom would have to believe them. I’m sure we’ll be hearing more about this situation before long.
Oh dear, Eircom have a major problem
Why is it I have no sympathy for them?