Internet Law

Experts warn of security flaw in Vodafone routers

IT experts have warned of major security flaws in Vodafone routers. These flaws could leave internet users open to cyber-attacks or identity fraud. If internet connections are used by fraudsters for illegal activities, innocent connection owners could have to face the legal consequences.

Experts warn of security flaw in Vodafone routers © ferkelraggae-Fotolia


Vodafone router security

Germany’s Federal Office for Information Security (BSI) has issued a warning concerning the security of the Vodafone routers EasyBox 802 and EasyBox 803 (if manufactured before August 2011).

The security flaw is in the WPS configuration and means hackers can obtain full access to the router and the corresponding network connection.

The original aim of WPS, or Wi-Fi Protected Setup, was to allow new devices to be added to a home network more easily. On the back of many devices, a sticker displays an 8-digit PIN. However, when within Wi-Fi range, hackers are able to recover the WPS PIN, access the router and discover the router's encryption key.

After that, hackers have full access to the network and can use the connection as if it were their own. This means hackers have complete access to passwords and other sensitive personal data.

Legal fears

As internet connection owners are strictly liable for their internet connections, the security flaw could have severe civil and criminal consequences for innocent internet users.

If a hacker uses the hacked connection to download or upload copyright-protected material, for example, the connection owner could receive a copyright infringement warning letter.

Worse still, the connection owner could receive a visit from the police if his hacked connection is used to view or exchange child pornography.

Deactivate WPS

The BSI offers the following advice to owners of the Vodafone routers affected:

  • Modify the default WPS PIN
  • Switch off WPS
  • Change the Wi-Fi encryption password

Information on how to implement these changes is available in the handbook for each router, which you can find here: EasyBox 802; EasyBox 803. The relevant details are in the “Wi-Fi” and “encryption” sections.

It is important to choose a password which fulfils WPA2 standards, as WPA encryption has proven to be comparatively easy to hack. The password should therefore differ from the default number and should consist of at least 8 characters, including letters and numbers.

Vodafone aware since December 2012

According to documentation published by Stefan Viehböck of SEC Consult, the person who discovered the security flaw, Vodafone has known about the problem since December 2012.

In a statement given to heise.de, the telecommunications company said it was working intensively to develop new firmware for the affected routers. Once introduced, the firmware will prevent hackers from accessing the routers in future, even if customers have not yet changed their passwords.

Nevertheless, owners of the affected routers should not wait for the firmware to be published, and should take the steps mentioned above to protect their internet connections.

Christian Solmecke is a partner at the law firm WILDE BEUGER SOLMECKE. He is the author of numerous legal publications in the area of internet and IT law. He is also an associate lecturer for social media law at the Cologne University of Applied Sciences.
