Experts warn: it is too easy to steal WiFi access key from TalkTalk ‘s Super Routers

Pierluigi Paganini May 23, 2018

Home Wi-Fi networks in the UK using Super Router provided by TalkTalk ISP are affected by a vulnerability that exposes them to cyber attacks.

Security researchers at software house IndigoFuzz have discovered a security flaw in the implementation of the WPS feature of the TalkTalk Super Router that can be exploited to compromise to steal the gateway’s wireless network password and take over them.

Experts reported the issue to TalkTalk ISP back in 2014, but currently the vulnerability is still present.

The routers implement a WPS pairing option that is turned on by default, but due to the security issues affecting WPS protocol an attacker within range can easily extract the Wi-Fi password of the device by using hacking tools available online.

“The vulnerability discovered allows the attacker to discover the Super Router’s WiFi Password by attacking the WPS feature in the router which is always switched on, even if the WPS pairing button is not used.” reads the blog post published by Indigofuzz.

According to IndigoFuzz’s advisory on Monday, the routers provide a WPS pairing option that is always turned on. Because that WPS connection is insecure, an attacker within range can exploit it using readily available hacking tools (i.e. Software ‘Dumpper’ available on Sourceforge (Tested with v.91.2)), and thus extract the router’s Wi-Fi password.

Attackers just need to be in the range of a TalkTalk Super Router, then probe it for the Wi-Fi password exploiting the insecure WPS feature and gain the gateway’s password.

Below the procedure described by the experts to compromise a network using the TalkTalk Super Router and obtain the WiFi access key.

  • Step 1: Run Dumpper and navigate to the WPS tab and select the target WiFi BSSID.
  • Step 2: Click ‘WpsWin’ to begin probing the BSSID for the WPS pin.
  • Step 3: After a couple of seconds, the WiFi access key to this network will be displayed bottom right.

talktalk Super Router 3

The experts explained that this attack is scalable to a broad range of TalkTalk Super Routers.

“This method has proven successful on multiple TalkTalk Super Routers belonging to consenting parties which is enough to suggest that this vulnerability affects all TalkTalk Super Routers of this particular model/version,” concluded the IndigoFuzz experts.

“TalkTalk have been notified of this vulnerability in the past and have failed to patch it many years later.”

Below the Timeline shared by the experts:

  • 21 May 2018 Delivered to TalkTalk.
  • 21 May 2018 Date of public release.

IndigoFuzz decided to immediately publicly disclose the issue because TalkTalk hasn’t taken any action since its first reports in 2014.

“The purpose of this article is to encourage TalkTalk to immediately patch this vulnerability in order to protect their customers,” concluded the experts.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – TalkTalk Super Router, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment