TechSpot means tech analysis and advice you can trust. Read our ethics statement.
Eircom, an ISP in Ireland, has come under fire for an oversight that results in lax security at their customers houses. The problem is the broadband routers they supply, which can feature a wireless AP mode. It seems that many of these wireless routers are all shipped out with the exact same WEP configuration - despite the devices supporting other protocols like WPA-PSK. This particular flaw stems frm the WEP key being generated from the serial number, which is readily accessible. This is only a default configuration - the devices are still user-configurable to use other security keys or protocols.
When I saw this security article, I was a bit shocked. Not in that I was shocked at yet another piece of hardware or software being vulnerable to an exploit or having a serious flaw from the factory, but because of the issue brought up being Eircom's policies, rather than WEP. In and of its nature, WEP has been inherently a primitive form of encryption that has been easily defeatable for many years now. No matter the hardware, relying on a single shared key WEP system does not promote any security, as even with run of the mill hardware and a few hours of research you can defeat WEP in an hour, perhaps a few minutes if you are a bit more clever about it.
WEP being compromised? Not surprising at all. What is very surprising, however, is that Eircom defends WEP as a secure enough protocol to use for its customers. There's already enough false senses of security on the Internet today.