{"id":8789,"date":"2015-12-21T13:10:32","date_gmt":"2015-12-21T17:10:32","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=8789"},"modified":"2015-12-21T13:10:32","modified_gmt":"2015-12-21T17:10:32","slug":"critical-wps-vulnerability-discovered-in-bell-canada-home-hub-routers","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2015\/12\/21\/critical-wps-vulnerability-discovered-in-bell-canada-home-hub-routers\/","title":{"rendered":"Critical WPS vulnerability discovered in Bell Canada Home Hub routers"},"content":{"rendered":"<p><span class=\"author vcard\">By <a class=\"fn profile-link\" href=\"http:\/\/www.neowin.net\/profile\/441727-boyd_chan\" target=\"_blank\" rel=\"author\">Boyd Chan<\/a><\/span> | <a href=\"http:\/\/www.neowin.net\/news\/critical-wps-vulnerability-discovered-in-bell-canada-home-hub-routers\" target=\"_blank\">Neowin<\/a><\/p>\n<p>In recent years, Wi-Fi has gained attention mainly due to the increased speeds afforded by the 802.11n and 802.11ac specifications. This has seen a flurry of new hardware hit the market enticing owners of older 802.11a\/b\/g hardware to upgrade to the latest and greatest kit.<\/p>\n<p>However, Wi-Fi has seen numerous security setbacks throughout its lifetime. WEP encryption, deployed as part of the earlier Wi-Fi standards, was later found to be less secure than thought. This prompted the development of WPA with TKIP encryption as an interim measure until a more robust solution could be ratified. Ultimately, WEP ended up being easily cracked in under sixty seconds with the right tools. TKIP was deprecated from the 2012 revision of the 802.11 standard as it was no longer considered to be secure.<\/p>\n<p>As such, the standing recommendation for any new Wi-Fi network has been to use WPA2+AES to ensure maximum security against attacks of any nature.<\/p>\n<p>Unfortunately, it seems as though owners of the Bell Canada Home Hub 1000 and 2000 series routers may be in for a rude surprise. <a href=\"http:\/\/www.dslreports.com\/forum\/r30443059-Bell-Home-Hub-2000-Backdoor-Security-vulnerability\" target=\"_blank\">According to an anonymous user on DSL Reports<\/a> and <a href=\"https:\/\/www.reddit.com\/r\/ottawa\/comments\/3wsxkf\/bell_canada_router_security_vulnerability\/\" target=\"_blank\">SergeantAlPowell on Reddit<\/a>, a vulnerability in WPS (Wi-Fi Protected Setup) has been discovered that can compromise networks that have been secured with WPA2+AES.<\/p>\n<p>Despite WPS being disabled, it seems that these Home Hub routers continued to respond to WPS requests. Furthermore, a default PIN of &#8220;12345670&#8221; coaxed these routers into supplying the passphrase that could be used to connect to the corresponding Wi-Fi network.<\/p>\n<p><a href=\"http:\/\/www.reddit.com\/r\/ottawa\/comments\/3wsxkf\/bell_canada_router_security_vulnerability\/cy2sko5\" target=\"_blank\">It seems that Bell has released a patch for the vulnerability<\/a> in the form of a silent update for these affected devices. However, Bell Canada has not officially acknowledged the existence of the security issue or its rectification in the firmware version history.<\/p>\n<p>Source: <a href=\"https:\/\/www.reddit.com\/r\/ottawa\/comments\/3wsxkf\/bell_canada_router_security_vulnerability\/\" target=\"_blank\">Reddit<\/a> | <a href=\"http:\/\/www.dslreports.com\/forum\/r30443059-Bell-Home-Hub-2000-Backdoor-Security-vulnerability\" target=\"_blank\">DSL Reports<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Boyd Chan | Neowin In recent years, Wi-Fi has gained attention mainly due to the increased speeds afforded by [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,10],"tags":[123,341,794,826,917,1204,1247,1249],"class_list":["post-8789","post","type-post","status-publish","format-standard","hentry","category-security","category-technology","tag-bell-canada","tag-exploit","tag-passphrase","tag-pin","tag-routers","tag-wi-fi","tag-wpa2aes","tag-wps"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-2hL","jetpack-related-posts":[{"id":7070,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/12\/11\/comcast-slapped-with-class-action-lawsuit-for-turning-customers-routers-into-public-hotspots\/","url_meta":{"origin":8789,"position":0},"title":"Comcast slapped with class-action lawsuit for turning customers&#8217; routers into public hotspots","author":"NCCT","date":"December 11, 2014","format":false,"excerpt":"Comcast\u2019s controversial decision to transform its customers\u2019 wireless routers into public Wi-Fi hotspots has, predictably, landed the company in even more hot water. A pair of disgruntled customers recently filed a class-action lawsuit against the cable, television and Internet provider in San Francisco. Toyer Grear and Joycelyn Harris claim Comcast\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5909,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/08\/whats-next-for-wi-fi-a-second-wave-of-802-11ac-devices-and-then-802-11ax\/","url_meta":{"origin":8789,"position":1},"title":"What\u2019s next for Wi-Fi? A second wave of 802.11ac devices, and then: 802.11ax","author":"NCCT","date":"July 8, 2014","format":false,"excerpt":"Now that blazing-fast routers based on the IEEE 802.11ac standard are finally entering the mainstream, intrepid engineers are busily cooking up all-new hardware that will make that gear\u2019s performance seem quaint by comparison. That\u2019s not to say 802.11ac is about to fall by the wayside\u2014after all, the IEEE didn\u2019t officially\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5864,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/01\/some-surface-pro-3-users-complain-of-wi-fi-woes-after-first-day-firmware-update\/","url_meta":{"origin":8789,"position":2},"title":"Some Surface Pro 3 users complain of Wi-Fi woes after first-day firmware update","author":"NCCT","date":"July 1, 2014","format":false,"excerpt":"\u00a0 Ten days after launch, Microsoft is still trying to squash the bugs in its Surface Pro 3 tablet. As Ed Bott at ZDNet reports, some users have been complaining of connectivity problems over 802.11ac Wi-Fi networks. Complaints have also popped up on Microsoft's support forums, with users noting slower\u2026","rel":"","context":"In &quot;Hardware&quot;","block_context":{"text":"Hardware","link":"https:\/\/nccomputertech.com\/techtalk\/category\/hardware\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5871,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/01\/free-wi-fi-networks-in-sf-san-jose-enable-seamless-switching-with-hotspot-2-0\/","url_meta":{"origin":8789,"position":3},"title":"Free Wi-Fi networks in SF, San Jose enable seamless switching with Hotspot 2.0","author":"NCCT","date":"July 1, 2014","format":false,"excerpt":"San Francisco and San Jose are now at the cutting edge of another tech trend, and one that has nothing to do with smartwatches or social-media startups\u2014not directly, at least. The two cities have geared up their free public Wi-Fi networks so users can automatically get on both after going\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5681,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/03\/meet-cupid-the-heartbleed-attack-that-spawns-evil-wi-fi-networks\/","url_meta":{"origin":8789,"position":4},"title":"Meet \u201cCupid,\u201d the Heartbleed attack that spawns \u201cevil\u201d Wi-Fi networks","author":"NCCT","date":"June 3, 2014","format":false,"excerpt":"Enlarge \/ A packet capture showing Cupid attacking a wireless network. SysValue \u00a0 \u00a0 It just got easier to exploit the catastrophic Heartbleed vulnerability against wireless networks and the devices that connect to them thanks to the release last week of open source code that streamlines the process of plucking\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/cdn.arstechnica.net\/wp-content\/uploads\/2014\/06\/heartbleed_cupid_img1-640x356.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/cdn.arstechnica.net\/wp-content\/uploads\/2014\/06\/heartbleed_cupid_img1-640x356.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/cdn.arstechnica.net\/wp-content\/uploads\/2014\/06\/heartbleed_cupid_img1-640x356.png?resize=525%2C300 1.5x"},"classes":[]},{"id":9372,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/07\/05\/this-week-in-tech-673-the-prozac-dash-button\/","url_meta":{"origin":8789,"position":5},"title":"This Week in Tech 673: The Prozac Dash Button","author":"NCCT","date":"July 5, 2018","format":false,"excerpt":"https:\/\/youtu.be\/Wp3QiDVJwdA Reinventing Microsoft, Amazon\u2019s push into healthcare, new Apple Maps, and more. --Apple vs Samsung settled: our long international nightmare is over. --A proposed US law has patent trolls jumping for joy. --Amazon jumps into the healthcare business by buying online pharmacy PillPack. --Foxcon's new Wisconsin plant breaks ground. --Yet\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/Wp3QiDVJwdA\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8789","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=8789"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8789\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=8789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=8789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=8789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}