SiKing

August 4, 2008

Eircom.ie security

Filed under: cyberspace — SiKing @ 1:09 am

Ostrich

So I have been skimming bandwidth from my neighbours since I moved. I will only be here for like four weeks, and not even in a row. Does that make me a thief? Some of my friends think so; hence this post.

First a little background. When I got Internet from Eircom, the modem came with a CD that connects you to the wireless modem automagically, without you inputting or even knowing the pass key. I thought about this and came up with several possibilities of how this could be accomplished. Anything from Eircom shipping a unique CD to each and every customer with the key on it, to the software brute-forcing its way into the modem – both ridiculous ideas. I decided I must look into this a little further a little later. As it turns out, I am not that smart and I am not the first to ponder this. The answer (meaning the security hole) was discovered way back in September of 2007, and a few days later a crack was released. Go ahead, try it out on your own modem. In October of 2007 Eircom actually admitted there is a vulnerability, and sent out a letter to their customers. It is now getting close to a year later. I can catch around two-dozen signals from my apartment, four of which have what appear to be their own modems with proper security, three have the Eircom fix, and the rest are essentially wide open. If you search through the Eircom site, you will notice that they are still convinced the default security is good enough. However, for those that are particularly paranoid, Eircom has relatively easy instructions on how to increase the security of your connection – the term security is used very loosely here. The Eircom fix is a variation of this: change the SSID of your modem. The two solutions are about equivalent and have identical security strength. WEP stands for Wired Equivalent Privacy; do you see any wires between your modem and your laptop?

Back to my conscience. I do believe this is stealing. However, in my mind it is equivalent to stealing from the bank that makes millions of dollars in charges from poor grandmothers on government pension. If you rob the bank, the grandmother will lose nothing as their money is protected by state insurance; the money-grabbing bank and insurance are the ones to get hit. Eircom does not charge anyone if their download byte total is over the monthly allowance. I already checked that for myself on my own account. During the day I skim only very little: mail, a little Internet surfing like publishing this post. Last night, when my neighbours were asleep (actually they were partying and keeping me up all night) I did download a movie. My conscience is clear.

But in the interest of providing a public service: If you go to the Eircom support site, completely disregard their opinion of what qualifies as security or what the capability of your equipment is, dig deep enough and long enough, you will find the correct answer to securing your Internet connection. If you have a desktop, and you are connected by a wire (Eircom calls it the “yellow wire”: they ship a yellow ethernet wire and a white broadband wire), then you do not need to have wireless turned on at all! If you do need to have wireless turned on, then you want to configure your modem to use the WPA security!

As a last point I propose the fault is entirely with Eircom. They are a corporation that is providing a service, they are aware this service is flawed, and they have the money to do something about it. It should not be too hard for them to write a piece of software that will take a factory modem, connect to the modem by wireless, configure it for WPA (using a randomly generated key), reset the modem, then configure your computer to be able to connect to that particular modem. If the connection is successful, issue a command to the modem to burn the settings to an EEPROM (small chunk of memory inside the modem), so that when you have problems later and the incompetent Eircom drone instructs you to hard reset the modem these settings are not lost. If the connection was not successful, the software will instruct you to hard reset the modem, try again, and if unsuccessful a second time, delegate you to the drone. As I said earlier: I am not that smart, but if I can think of this, how hard can the solution be?
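The provisioning flow proposed above, sketched as an added example (not code from this post or from Eircom). `SimulatedModem` and its methods are hypothetical stand-ins for a modem management interface, and the 24-character key length is an assumed choice.

```python
import secrets
import string

# Letters and digits are all valid in a WPA passphrase and easy to type.
WPA_ALPHABET = string.ascii_letters + string.digits

def generate_wpa_passphrase(length=24):
    """Random passphrase from the OS CSPRNG; WPA-PSK allows 8 to 63 characters."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrase must be 8-63 characters")
    return "".join(secrets.choice(WPA_ALPHABET) for _ in range(length))

class SimulatedModem:
    """Hypothetical modem: 'running' settings are lost on hard reset, 'persistent' are not."""
    def __init__(self, failures_before_success=0):
        self.failures_left = failures_before_success  # constructed fault injection
        self.running = {"security": "WEP", "key": "factory-default"}
        self.persistent = dict(self.running)

    def configure(self, security, key):
        self.running = {"security": security, "key": key}

    def client_can_connect(self, key):
        if self.failures_left > 0:
            self.failures_left -= 1
            return False
        return self.running["security"] == "WPA" and self.running["key"] == key

    def commit(self):
        # The "burn to EEPROM" step: only now do settings survive a hard reset.
        self.persistent = dict(self.running)

    def hard_reset(self):
        self.running = dict(self.persistent)

def provision(modem, max_attempts=2):
    """Configure WPA with a fresh random key; persist only after a verified connection."""
    for attempt in range(1, max_attempts + 1):
        key = generate_wpa_passphrase()
        modem.configure("WPA", key)
        if modem.client_can_connect(key):
            modem.commit()
            return {"status": "ok", "attempts": attempt, "key": key}
        modem.hard_reset()  # discard the unverified settings before retrying
    # Second failure: hand over to support, as the post suggests.
    return {"status": "escalate", "attempts": max_attempts, "key": None}
```

Committing only after the test connection succeeds means a failed attempt can never leave the modem persistently locked to a key the customer's computer does not hold.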

Updated 2008/08/08: If I pay Eircom and still skim BW from my neighbour, is that stealing? 😆


1 Comment »

  1. I8AU1o Thanks for good post

    Comment by johnny — December 30, 2008 @ 3:04 am | Reply

