Blog: How Tos

CONSUMER ADVICE: Home Wi-Fi routers. Is yours secure?

Andrew Tierney 23 Jun 2017

According to the ONS 82% of households in the UK are now connected to the Internet. A huge proportion of these are likely to be using a wireless router to allow their devices to connect to the Internet over Wi-Fi, and probably with the default settings left unchanged.

Most of those routers come with a password to connect to the Wi-Fi – and it’s that password which is an issue.

The technology used to protect your Wi-Fi password is called WPA2, and is the successor to a flawed technology called WEP. WEP was extremely easy to crack, often crackable in under an hour. WPA2 doesn’t contain that flaw, so your Wi-Fi password is safe right?

Well, almost

Because Wi-Fi is an over the air technology, it’s possible to capture the authentication handshake between your device and your ISP’s router. Remember that these days we’re not just talking about a laptop or a mobile phone, the Internet of Things means that your IoT fridge or doorbell will be making the same handshake too.

Brute forcing is a computational technique that tries every single possible combination of words, letters, and/or numbers. Given that WPA2 allows the password to be up to 63 characters, that could take a long time.

However, ISPs seem to be following set patterns when it comes to choosing their default Wi-Fi passwords, and that helps us a great deal! So, we’ve researched some common ISP Wi-Fi passwords, and using our custom password cracking rig, have listed the time it would take to crack the captured authentication handshake to reveal the Wi-Fi password.

Device PSK character set PSK length Time to crack
Orange [2345679ACEF] 8 5 minutes
AOL [0-9,A-Z] 8 2 hours
Virgin SuperHub [abcdefghjklmnpqrstuvwxyz] 8 2 days
Sky [A-Z] 8 4 days
TalkTalk [ABCDEFGHJKMNPQRTUVWXY346789] 8 5 days
BT HomeHub [2-9,a-f] 10 5 days
Plusnet [0-9,A-F] 10 19 days

 

As a demonstration, we took a BTHome-Hub5 we had laying around, captured the authentication handshake and using the formulas above tried to crack the password.

Firstly we tried this using a standard laptop with a reasonable graphics card installed. As you can see this would take roughly 72 days to crack:

wpa2crack1

However, if we take the same handshake and attempt to crack it using our PTP password cracking rig, the estimated time comes down to a very nice 5 days. This isn’t great!:

wpa2crack2

So, what’s the problem?

Well, if malicious person does capture your Wi-Fi authentication handshake, and crack it to reveal the password, they can connect to your home network and from there it would be possible to see all the devices connected to your network. If any of those devices have vulnerabilities (i.e. you haven’t been keeping up to date with updates and patches) then they could take full control of them.

Default credentials

Also, most ISP provided routers have default user names and passwords to access their management interface. With that level of access an attacker could control all of your internet traffic, including capturing any user names and passwords that you use, for things like internet banking for example.

What should you do?

In the small print most ISPs suggest changing the Wi-Fi password. But:

a) Who reads the small print, and

b) How easy is it for the average home owner to change the password?

It would help if ISPs increased the number of characters in the password. Even a simple increase from 10 to 12 characters would push the cracking time from five days up to many many years.

The best thing for you to do is change the default password to one of your own choosing, and make it complex – essentially making it as difficult as possible for the attacker to crack.

Generating a complex random password can be done using a password management tool such as KeePass.

There’s more info and discussion here with the BBC: