ABOUT 20 per cent of businesses that were supplied with Eircom wireless routers which had a security flaw have not taken steps to secure them, according to IT services firm BITS.
Gavin Dixon, managing director of BITS, said his firm noticed that a large number of its new customers were still using the Netopia-manufactured routers. Since they began actively monitoring the situation, BITS has found that 20 per cent of small and medium enterprises with which they deal had not secured the routers.
“It’s amazing really,” said Mr Dixon. “You don’t have to go to far to find an app or website that will enable you to access those networks.”
The flaw affected about 250,000 Netopia routers shipped to homes and businesses between 2005 and 2007. They used a security protocol called wired equivalent privacy (WEP), which requires a 16-digit password to access the network. The default security code is generated from the serial number of the router which is also used to drive the eight-digit network name of the network.
Using simple hacking tools, which are freely available for smartphones or laptops, the eight-digit network name can be input and the secure password generated.
Mr Dixon said it was largely inertia that was causing people not to make changes to their networks. “A lot of times we go into a customer and there’s a new router sitting there,” he said, “but they haven’t set it up because as far as they are concerned the old one is working fine.”
He added that Eircom needed to “take more ownership of the problem”. The telecommunications company’s advice that only people “with an advanced working knowledge of encryption and coding techniques” could take advantage of the flaw had given people a false sense of security.