Security researchers Jakob Lell and Jorg Schneider recently discovered that it’s dangerously easy to figure out the default WPA2 passwords on many Belkin wireless routers, because the password is based on the device’s MAC address.
“Since the mac address is broadcasted with the beacon frames sent out by the device, a wireless attacker can calculate the default passphrase and then connect to the wireless network,” Lell and Schneider write. “Each of the eight characters of the default passphrase are created by substituting a corresponding hex-digit of the wan mac address using a static substitution table.”
“Lell’s revelation, which he says makes it possible to deduce passwords by drawing up a simple substitution table, means all an attacker needs to do to compromise a device is learn its MAC address and then spend a few minutes converting it into Hex,” writes The Register’s Simon Sharwood.
“Belkin Surf N150 routers with model number F7D1301v1 are affected,” The H Security reports. “Based on labels posted on the Belkin web site, the security specalists suspect that the N900 (F9K1104v1), N450 (F9K1105V2) and N300 (F7D2301v1) models may also use easily calculated WPA passwords. The researchers refused to rule out the possibility that other models could also be affected.”
“The experts claim to have contacted Belkin back in January, but since they haven’t received any response, they’ve made their findings public,” writes Softpedia’s Eduard Kovacs. “In the meantime, they advise users to change their default passphrases to something stronger and, implicitly, more secure.”