In one of my previous posts I explained a little bit about the flaw in the WPS system and how to exploit it. To summarize the flaw in the WPS enabled you to bruteforce the eight-digit pin code, and thereby get access to a otherwise secured wireless network. In the meantime then flaw is still there, many manufactures of routers has “fixed” this by limiting the number of WPS attempts to their device before locking up for a certain amount of time. The same is true with TDC HomeBox.
TDC HomeBox is preconfigured for the typical user with a predefined SSID of HomeBox-xxxx. Where xxxx represent the last four digits of the MAC address. When logging on the first time the users are instructed to use the WPS PIN from a sticker on their router. After that, they are good to go. Do you think that the average user logon to the router and disables WPS afterwards? In other words – There are a hell of a lot preconfigured routers out there, which never gets reconfigured after the initial setup! And here is the fun part – All TDC Homeboxs I have come across seems to accept the WPS PIN 12345670 – the first PIN that the WPS bruteforce application Reaver tries!
Of course, I tried contacting TDC regarding this problem. I got in touch with a friendly administrator at TDC Forum who asked me to mail him some details and he would forward them to the proper authorities, from there they would contact me directly. I wrote a long mail, explaining the problem and sent him the same day. A week passed with no response. I wrote the guy asking if he had gotten the mail, and still nothing. It has been a month since I sent the mail – I guess that means TDC thinks it is not relevant information?
Of cause, I could be wrong and not all TDC HomeBoxes are effected, but I am still to find one that is not. Here are pictures of four total different boxes, which all seems to accept the WPS PIN 12345670 and thereby all hacked within seconds.
TDC is one of the biggest ISPs in Denmark. Have a look at wireless networks in your area – chances are you have one or more HomeBox-xxxx networks in your area. I my opinion you might as well put up a big sign saying FREE WIFI. If you own one of this boxes youself, please log in and disable WPS.
Any chance you have come across the WPS pin for the New TDC homeboxes? i.e. Sagemcom Fast 5340
Please help me if you want. I have a TDC with 500Gb hdd and I was changed this with a ssd for music only but before I formated original hdd. Then I read as the software was in hdd, so now can’t use. I tryed transform to Zyxel310 folowing more forum indications but no result. My router find this at 192.168.1.5, pig is <1 sec. and one log from flash look: led_state_map_addr = 4b
board_model=(DA01), file_model=(A203) … NOT equal!
led_state_map_addr = 4a led_state_map_addr = 5
led_state_map_addr = 15 No ras.bin found but ras.bin is processed… I have 63 years and I'm noobie for this operations…
Can you help me make function like a Zyxel? I will be verry happy…
The best considerations! – Mihai – Romania mihaistoica@mail.com