Eircom, an ISP in Ireland, has come under fire for an oversight that results in lax security at their customers houses. The problem is the broadband routers they supply, which can feature a wireless AP mode. It seems that many of these wireless routers are all shipped out with the exact same WEP configuration - despite the devices supporting other protocols like WPA-PSK. This particular flaw stems frm the WEP key being generated from the serial number, which is readily accessible. This is only a default configuration - the devices are still user-configurable to use other security keys or protocols.

When I saw this security article, I was a bit shocked. Not in that I was shocked at yet another piece of hardware or software being vulnerable to an exploit or having a serious flaw from the factory, but because of the issue brought up being Eircom's policies, rather than WEP. In and of its nature, WEP has been inherently a primitive form of encryption that has been easily defeatable for many years now. No matter the hardware, relying on a single shared key WEP system does not promote any security, as even with run of the mill hardware and a few hours of research you can defeat WEP in an hour, perhaps a few minutes if you are a bit more clever about it.

WEP being compromised? Not surprising at all. What is very surprising, however, is that Eircom defends WEP as a secure enough protocol to use for its customers. There's already enough false senses of security on the Internet today.