Securitygap for UPC Wi-Fi Routers

Today there was an article in the newspaper that UPC Cabelcom customers should change their Wi-Fi passwords immediately if they haven’t done it allready. The reason for that is that an attacker can get the Wi-Fi password because of the SSID. The WLAN SSID and Password is not just a random value, it can be calculated trough the routers serial number.

technicolor_tc7200_kanal_2On the routers backside there should be a label like this where we find the routers serial number, MAC address and the default SSID and password for 2.4GHz and 5.0GHz WiFi access.

The technical background information about the algorithm that is beeing used to calculate the password can be found here.

A source code written in C for a program to calculate the UPC Wi-Fi keys can be found here, but there are also some web based applications available:
http://haxx.in/upc-wifi/
https://upc.michalspacek.cz/
https://www.0x.tf/upc/upc_keys.html

I was curious if I find somewhere a picture in the web that shows a UPC router from the backside with the label that I can test the password calculator. 😉

tc7200-al

OK there is one: SSID is UPC1380292 and the password for 2.4Ghz is: CZVZMMYX

calculator1

No match! Let’s try it with another one! In both cases below the calculator seems to work! The differnce to the first one is that the last two digits from the serial number and the SSID are identical. This seems to be an important criteria that the calculation works!

tc-7200u-modem-routertc-7200u-modem-router2

calculator2

calculator3

Official Facebook message from UPC Austria (German). If you are a cablecom customer take care!

upc_facebook

Ersten Kommentar schreiben

Antworten

Deine E-Mail-Adresse wird nicht veröffentlicht.


*