In one of my previous posts I explained a little bit about the flaw in the WPS system and how to exploit it. To summarize the flaw in the WPS enabled you to bruteforce the eight-digit pin code, and thereby get access to a otherwise secured wireless network. In the meantime then flaw is still there, many manufactures of routers has “fixed” this by limiting the number of WPS attempts to their device before locking up for a certain amount of time. The same is true with TDC HomeBox.
TDC HomeBox is preconfigured for the typical user with a predefined SSID of HomeBox-xxxx. Where xxxx represent the last four digits of the MAC address. When logging on the first time the users are instructed to use the WPS PIN from a sticker on their router. After that, they are good to go. Do you think that the average user logon to the router and disables WPS afterwards? In other words – There are a hell of a lot preconfigured routers out there, which never gets reconfigured after the initial setup! And here is the fun part – All TDC Homeboxs I have come across seems to accept the WPS PIN 12345670 – the first PIN that the WPS bruteforce application Reaver tries!
Of course, I tried contacting TDC regarding this problem. I got in touch with a friendly administrator at TDC Forum who asked me to mail him some details and he would forward them to the proper authorities, from there they would contact me directly. I wrote a long mail, explaining the problem and sent him the same day. A week passed with no response. I wrote the guy asking if he had gotten the mail, and still nothing. It has been a month since I sent the mail – I guess that means TDC thinks it is not relevant information?
Of cause, I could be wrong and not all TDC HomeBoxes are effected, but I am still to find one that is not. Here are pictures of four total different boxes, which all seems to accept the WPS PIN 12345670 and thereby all hacked within seconds.
TDC is one of the biggest ISPs in Denmark. Have a look at wireless networks in your area – chances are you have one or more HomeBox-xxxx networks in your area. I my opinion you might as well put up a big sign saying FREE WIFI. If you own one of this boxes youself, please log in and disable WPS.