Eircom has come in for criticism today following the discovery of a security flaw in its products which could allow strangers to use customers' internet connections without their knowledge.
The security flaw, which was revealed at the weekend on a website and in this morning's Irish Times, potentially allows hackers to access wireless broadband connections in buildings up to 30m (100ft) away, giving them free access to the internet and possibly enabling them to download illegal content via Eircom customers' accounts.
The security flaw relates to Netropia-branded wireless routers which are distributed to Eircom's broadband customers to enable them to connect to the internet.
The routers use a security protocol known as Wired Equivalent Privacy (WEP) which requires users of a network to enter a default 16-digit password, which is generated from the serial number of the device. However, an eight-digit number used to identify each user's wireless network is also derived from the serial number potentially enabling hackers to work out the full password.
The telecoms operator has now issued guidelines to its customers on how to generate their own unique password which removes the security risk via its website, broadbandsupport.eircom.net. The firm said it is also contacting affected customers directly.
However, Eircom came under attack from both politicians and consumer bodies this afternoon with Labour's spokesperson on Communications, Energy and Natural Resources, Liz McManus who said that the security flaw was "deeply worrying" and raised serious questions about Eircom's system of security monitoring.
"This problem has been highlighted as far back as April in the UK where there were arrests for using other people's wireless connections without permission," said Ms McManus. "Eircom must ensure that all its 250,000 customers are notified and given clear instructions on how to protect their networks. Also, it must improve it's own security monitoring so that its customers are not put at risk like this again in the future," she added.
The telecoms firm also came in for criticism from the Consumers Association of Ireland (CAI) who said that a small number of its members had contacted the organisation to get advice on the problem.
"The discovery of the security flaw is worrying because so many people now use the internet and it has has become the acceptable means of transmitting significant amounts of data and documentation personal to the consumer," the association's chief executive Dermott Jewell.
"This makes it a matter of serious concern from a data protection point of view, a financial perspective and equally as importantly, from a consumer angle."
Mr Jewell also warned that the problem would likely put off interested consumers from going online.
"Unfortunately stories like this bring in all the harbingers of doom and gloom who are likely to spread doubt among consumers as to the safety of using the internet. Realistically, Eircom have to do find a means of guaranteeing that the routers are secure if they are to bring confidence back," Mr Jewell added.
:quality(70)/s3.amazonaws.com/arc-authors/irishtimes/016623f1-a68b-427c-b57b-ea9950f2c2e4.png)