SecPoint Logo

SpeedPort WiFi WPA Routers vulnerable to attack easily hacked

German Telecommunication companies which widely use Speedport routers need to update their router security fast!

The model W700V ADSL Speedport Wi-Fi router, which uses WPA keys for its connection security, and the W500V models are both in peril from lax security measures.

The factory-default settings used with the WPA security

On these routers are easily circumvented.

How? The key used for these routers are very readable.

The first 3 characters of the default key is “SP-“.

This is followed by five hexadecimal characters which represent the SSID and MAC address, both of which could easily be found out by monitoring router traffic.

The remaining 4 hexadecimal characters contain 2 characters with the same value.

If a proper script were made to brute-force connect to a router, it would take an attacker 4,096 attempts to compromise a Speedport router. 

The only way to keep safe from this kind of attack is to reconfigure your wireless router and change the WPA key being used.

Very effective passkeys should have these characteristics: (1) at least be 8 characters in length, (2) should contain numbers, (3) combinations of capital and small letters, and (4) should not contain words that can be easily found in dictionaries, etc.

The uses of special characters strengthen your WPA key as some routers process and display special characters in different ways.

System administrators are suggested to update their WPA configuration to avoid this security vulnerability. 

Similar routers share the same problem such as SpeedTouch and Netgear routers.

The sad thing is that Speedport W700V model was also previously reported to be unsecured.

It had a bug that allowed it to be access remotely from the internet which was since then, corrected.

This model has already been phased out although many of these devices still remain in use.

This Speedport model was packaged with T-DSL promotional packages.

The newer version W701V from AVM is safe from this WPA flaw and currently being sold and distributed in stores.

The flawed models were made by Arcadyan, which is under the Compal group of companies.