07. August 2013
IT experts have warned of major security flaws in Vodafone routers. These flaws could leave internet users open to cyber-attacks or identity fraud. If internet connections are used by fraudsters for illegal activities, innocent connection owners could have to face the legal consequences.
Vodafone router security
Germany’s Federal Office for Information Security (BSI) has issued a warning concerning the security of the Vodafone routers EasyBox 802 and EasyBox 803 (if manufactured before August 2011).
The security flaw is in the WPS configuration and means hackers can obtain full access to the router and the corresponding network connection.
The original aim of WPS, or Wi-Fi Protected Setup, was to allow new devices to be added to a home network more easily. On the back of many devices, a sticker displays an 8-digit PIN. However, when within Wi-Fi range, hackers are able to recover the WPS PIN, access the router and discover the router's encryption key.
After that, hackers have full access to the network and can use the connection as if it were their own. This means hackers have complete access to passwords and other sensitive personal data.
As internet connection owners are strictly liable for their internet connections, the security flaw could have severe civil and criminal consequences for innocent internet users.
If a hacker uses the hacked connection to download or upload copyright-protected material, for example, the connection owner could receive a copyright infringement warning letter.
Worse still, the connection owner could receive a visit from the police if his hacked connection is used to view or exchange child pornography.
The BSI offers the following advice to owners of the Vodafone routers affected:
- Modify the default WPS PIN
- Switch off WPS
- Change the Wi-Fi encryption password
Information on how to implement these changes is available in the handbook for each router, which you can find here: EasyBox 802; EasyBox 803. The relevant details are in the “Wi-Fi” and “encryption” sections.
It is important to choose a password which fulfils WPA2 standards, as WPA encryption has proven to be comparatively easy to hack. Therefore the password should differ from the default number and should consist of at least 8 characters, including letters and numbers.
Vodafone aware since December 2012
According to documentation published by Stefan Viehböck of SEC Consult, the person who discovered the security flaw, Vodafone has known about the problem since December 2012.
In a statement given to heise.de, the telecommunications company said it was working intensively to develop new firmware for the affected routers. Once introduced, the firmware will prevent hackers from accessing the routers in future, even if customers have not yet changed their passwords.
Nevertheless, owners of the affected routers should not wait for the firmware to be published, and should take the steps mentioned above to protect their internet connections.