Critical WPS vulnerability discovered in Bell Canada Home Hub routers

By | Neowin

In recent years, Wi-Fi has gained attention mainly due to the increased speeds afforded by the 802.11n and 802.11ac specifications. This has seen a flurry of new hardware hit the market enticing owners of older 802.11a/b/g hardware to upgrade to the latest and greatest kit.

However, Wi-Fi has seen numerous security setbacks throughout its lifetime. WEP encryption, deployed as part of the earlier Wi-Fi standards, was later found to be less secure than thought. This prompted the development of WPA with TKIP encryption as an interim measure until a more robust solution could be ratified. Ultimately, WEP ended up being easily cracked in under sixty seconds with the right tools. TKIP was deprecated from the 2012 revision of the 802.11 standard as it was no longer considered to be secure.

As such, the standing recommendation for any new Wi-Fi network has been to use WPA2+AES to ensure maximum security against attacks of any nature.

Unfortunately, it seems as though owners of the Bell Canada Home Hub 1000 and 2000 series routers may be in for a rude surprise. According to an anonymous user on DSL Reports and SergeantAlPowell on Reddit, a vulnerability in WPS (Wi-Fi Protected Setup) has been discovered that can compromise networks that have been secured with WPA2+AES.

Despite WPS being disabled, it seems that these Home Hub routers continued to respond to WPS requests. Furthermore, a default PIN of “12345670” coaxed these routers into supplying the passphrase that could be used to connect to the corresponding Wi-Fi network.

It seems that Bell has released a patch for the vulnerability in the form of a silent update for these affected devices. However, Bell Canada has not officially acknowledged the existence of the security issue or its rectification in the firmware version history.

Source: Reddit | DSL Reports

Advertisements