Posted by Unknown on mars 18, 2018 | No comments
When you receive a Bbox Bouygues Telecom, a small label is provided with the modem to facilitate the Wifi configuration. This label mainly indicates two things: the SSID in the form Bbox-XXXXXX which is the name of your Wifi network and a WEP or WPA PSK key which is the password of your network allowing your Wifi devices to connect.
So far, so good. The initial configuration of the Bbox offering WPA (and WPA 2 in the options, I do not know if it is enabled by default against ...), the level of security may seem relatively correct. Only here, big problem. It is enough to know the name of the network to be able to find in a few seconds the Wifi key. All because of a key generation algorithm a bit silly and especially who was let discover.
And as no one changes the default password (it's so convenient, we even planned a small printed label to not forget its identifiers), the majority of users of Bbox are vulnerable. I personally did not change the password, probably by idleness, and especially because the WPA2 is secure enough in my mind.
Here is a small demonstration of the few commands that are enough to hack this Wifi key. First, it will download the BBkeys program in its Windows.
On Windows, then launch a command prompt (start-> Execute-> cmd), then move to the executable directory of BBkeys (cd <directory name>).
Then run the program as follow:
On Windows, then launch a command prompt (start-> Execute-> cmd), then move to the executable directory of BBkeys (cd <directory name>).
Then run the program as follow:
The identifier BBox corresponds to the sequence of letters and digits of the SSID, here in my case 6D0D6B.
The next second, we get the password in front of "potential key". And if you look at the label above, there is a strong resemblance is not it?
The next second, we get the password in front of "potential key". And if you look at the label above, there is a strong resemblance is not it?
Only solution to avoid nasty surprises in this time of Hadopi: change his password and the name of his network by going to the Bbox administration page at http: //gestionbbox.lan or 192.168. 1.254 ... unless another user has done it before you.
If you are at another ISP, you can also choose a Bbox-XXXXXX type.
If you are at another ISP, you can also choose a Bbox-XXXXXX type.
0 commentaires:
Enregistrer un commentaire