UPC WPA2 cracked by android app ?

Damien360

Quick question.

I happened to be browsing my cisco modem settings tonight and noticed 2 android devices on my connected clients list. There are no android devices in the house yet so I must assume someone else is on it. Host name starts with android in title.

I added both Mac addresses to the access deny list but I want to know if the cisco modem EP2425 can be easily cracked just like the eircom one when it had WEP.

I am using WPA2+TKIP/AES and have disabled WPA. I am also using homeplugs but they should be secure as I added my 2 devices to their own list (in provided software). I am wondering if this was their gateway to my settings. Password set also on my modem.

jameshayes

you sure about no android devices? Media players? Kindle Fire?

Damien360

jameshayes wrote: »

you sure about no android devices? Media players? Kindle Fire?

100% sure. I have a nexus 7 for wife as Xmas pressie. Turned it on and confimed it's Mac address and connection. Powered down fully and it disappeared off the connected devices.

Damien360

Just found one of the MAC addresses I blocked.

It was an Ipod touch which is iOS. When it reconnected after I unblocked it's MAC, it has no name in host for DHCP but if I connected using Static IP address on iOS then the lease does not renew and host name is STATIC IP.

Long shot but could my MAC address of ipod be emulated to get on to network on android device ? They would still need my WPA2 password.

Sponge Bob

Could be the wifi chip for an iPod or a genuine Android device is made by one manufacturer eg Qualcomm or Broadcom and that the UPC device assumes they are Android based on the MAC address range assigned (as they are) to the chipset manufacturer.

In other words right wifi chip manufacturer...wrong assumption.

Or else the hacker clones the MAC address, you would need some extra evidence that only you would know. Was the iPod on at the time or in the previous 24 hours

Damien360

Sponge Bob wrote: »

Could be the wifi chip for an iPod or a genuine Android device is made by one manufacturer eg Qualcomm or Broadcom and that the UPC device assumes they are Android based on the MAC address range assigned (as they are) to the chipset manufacturer.

In other words right wifi chip manufacturer...wrong assumption.

Or else the hacker clones the MAC address, you would need some extra evidence that only you would know. Was the iPod on at the time or in the previous 24 hours

Yes the ipod had been on in previous 24 hours but I was looking at the connected devices screen on UPC router which tells me currently connected wifi devices.

When I reconnected ipod it does not have a host name but does have mac address and IP address so pretty sure it was not the ipod which was connected.

Even if my MAC address was cloned that would still leave them requiring my WPA2 password.

zg3409

If your WPA2 password is 8 characters or less then increase the number of characters and add some random symbols.

Generally WPA2 is very, very heard to break is you have a random password more than 8 characters.

As other have said it may actually be a valid device you own. Reboot the router, sometimes they can show devices as connected that have not been used for ages.

As if the device has a password option for the administrator page then change that too.

The only practicaly way I think someone could be using your connection was if the password was one of the top 10,000 or 100,000 passwords and they automatically guessed it using automated software.

MBSnr

My router lists all connected devices and I was puzzled by a connection which turned out to be the Ethernet connection to the Sky box...!

Are you sure that it's only showing the Wi-Fi ones in connected devices. Could it be the Homeplug Ethernet connection?

BostonB

An TV's connected?

Riesen_Meal

Could you have had any friends or relatives connect maybe their mobiles via the wifi?

As far as I remember that router keeps logs forever, one in my mothers house, has logs from ages ago on there....

The only wifi cracking app on android is only WEP capable, I could be wrong though, I havent done much reading up in that department in a while... :P

Stuxnet

You'd be safer enabling MAC filtering on your router, and add your own devices to the whitelist,

also for an added layer of protection from n00bie hackers, disable broadcast of your SSID, and change its default name, this will hide your SSID, but obviously its still there, only devices that know the name of it and are on your mac address white list will be able connect

vibe666

zg3409 wrote: »

Generally WPA2 is very, very heard to break is you have a random password more than 8 characters.

you'd be surprised how easy it can be for someone who is determined enough to break into it, even with 8 characters. a good long passphrase with upper and lowercase letters, number & symbols is the key, along with making some other simple changes to your config to make it more difficult.

the trick is the same with any area of home security. you just make yourself a much more difficult target and they'll go elsewhere.

also, just because it's an android device connecting, doesn't mean it was cracked with that device.

there's a good article on exactly how people are likely to crack your wifi password and the best ways to secure your network here: http://www.smallnetbuilder.com/wireless/wireless-howto/31914-how-to-crack-wpa-wpa2-2012

mark17j

Hi OP, I have the 2425 also, and noticed a device connected to mine about a month ago, I just use 1 pc on the wifi, I do not use phones or any other devices on it. I clicked on "Access control" in modem settings and this connected device had a blank host name with a client id. I was using the default UPC password at the time with WPA PSK security/ AES Encryption. I changed the password to something very long and it has kept them out since.

Damien360

zg3409 wrote: »

If your WPA2 password is 8 characters or less then increase the number of characters and add some random symbols.

Generally WPA2 is very, very heard to break is you have a random password more than 8 characters.

As if the device has a password option for the administrator page then change that too.

It is a UPC device and when UPC sends a re-boot for new firmware to it, it reverts back to default password which is a pain in the ass. Device password for admin changed from none to 10 letter and number combo many moons ago

MBSnr wrote: »

My router lists all connected devices and I was puzzled by a connection which turned out to be the Ethernet connection to the Sky box...!

Are you sure that it's only showing the Wi-Fi ones in connected devices. Could it be the Homeplug Ethernet connection?

I was looking in the wifi connections only.

BostonB wrote: »

An TV's connected?

Samsung TV but not Wifi and disconnected from ethernet a year ago

mark17j wrote: »

Hi OP, I have the 2425 also, and noticed a device connected to mine about a month ago, I just use 1 pc on the wifi, I do not use phones or any other devices on it. I clicked on "Access control" in modem settings and this connected device had a blank host name with a client id. I was using the default UPC password at the time with WPA PSK security/ AES Encryption. I changed the password to something very long and it has kept them out since.

The apple devices have a blank host name. I changed my UPC router settings to WPA2 only, but password is still same. SSID is broadcast for ease of use. Some devices struggle to find it when not broadcasting (my blackberry phone). Might ask UPC to change the password and send it to firmware so it remains changed.

Next door neighbour is an IT graduate from DIT Kevin St., so I have my prime suspect but it would not be neighbourly to accuse him.

Sponge Bob

As UPC send out firmware about once a year they therefore leave their customers networks exposed once a year.

BostonB

Sponge Bob wrote: »

As UPC send out firmware about once a year they therefore leave their customers networks exposed once a year.

If you turn off Wifi on the UPC box and connect a better 3rd party wifi router. I assume that avoids that problem.

Damien360

BostonB wrote: »

If you turn off Wifi on the UPC box and connect a better 3rd party wifi router. I assume that avoids that problem.

That sounds like a plan. But I have phone line from UPC also. Any issues with router after modem with UPC phoneline ?

What about this from netgear

http://www.netgear.com/home/products/wirelessrouters/simplesharing/WNR1000.aspx#two

It's available from Elara with ok price

http://www.elara.ie/productdetail.aspx?productcode=MME0711942

zg3409

Personally I have disabled wireless years ago and I use a seperate unit. The BEST UNIT IN THE WORLD to use is one that uses open source software.

I would recommend searching ebay for "LINKSYS CISCO E3000 DUAL BAND GIGABIT WIFI N ROUTER REPEATER DD-WRT MEGA"

For less than 100 Euro you can get a world class unit with brilliant software and features. The UPC phone line will still work fine.

I have used this and similar units and nothing compares to them.

Damien360

zg3409 wrote: »

Personally I have disabled wireless years ago and I use a seperate unit. The BEST UNIT IN THE WORLD to use is one that uses open source software.

I would recommend searching ebay for "LINKSYS CISCO E3000 DUAL BAND GIGABIT WIFI N ROUTER REPEATER DD-WRT MEGA"

For less than 100 Euro you can get a world class unit with brilliant software and features. The UPC phone line will still work fine.

I have used this and similar units and nothing compares to them.

All these are US based. Not a big deal but I do not want to deal with customs. I am sure items of this value would stand out

justsomebloke

OP would it not be an idea just to change your password and then reconnect each device one at a time and take note of what they come up as on your router

Damien360

justsomebloke wrote: »

OP would it not be an idea just to change your password and then reconnect each device one at a time and take note of what they come up as on your router

The issue with that.... when the router re-boots for any reason whatsoever, it reverts to old password and I have to re-connect using laptop, change setting and re-change password.

vibe666

Damien360 wrote: »

All these are US based. Not a big deal but I do not want to deal with customs. I am sure items of this value would stand out

i'll second the vote for the Linksys E3000 and 3rd perty firmware, but there's no need to go to the US for them. most Irish tech suppliers will stock them and it's very easy to re-flash with a 3rd party firmware yourself in a few minutes.

personally i favour the tomato firmware, but there are other firmwares out there as well (openWRT springs to mind, but i'm sure there are others) besides DD-WRT which i personally don't favour after having some issues with older versions of it, not to mention the controversy over the guy who develops it. he's not a pedo or anything like that, afaik he ended up screwing some of the other devs to make money off it.

awesome router though and has all the hardware you could want in a router (gigabit ports, dual band, dual radio 300mbps wifi, decent cpu and ram etc.), so a good 3rd party firmware can make the most of it.

Damien360

Thanks for that vibe666

I can only find the E2000 from elara at a good price. Spec appears to be very similar/same ?

http://www.elara.ie/productdetail.aspx?productcode=ECE2081490

The E3000 is only available second-hand from amazon uk. It appears to be superceded by the E2500 (dual-band) from linksys which is €95 from elara and between 69 and 95 euro from amazon depending on model

http://www.amazon.co.uk/s/ref=nb_sb_noss?url=search-alias%3Daps&field-keywords=linksys+router+e2500

zg3409

Hi Damien,

The E3000 seems to be out of production now.
I would not use another unit until you comfirm compatability with open source software. This is because it normally adds features and is generally 100% rock solid 24/7 uptime.

There are 3 main types of software recommended
1) DD-WRT
2) Open-WRT
3) Tomato USB
You should confirm the device is compatable ideally with all 3 so you can pick and choose. DDWRT is probably easist to install, Tomato is probably best for common uses, and Open WRT more for tinkerers.

Also you should ensure the device has all the lastest features such as:
1) Gigabit ethernet with more than one power and a WAN and LAN port
2) 5Ghz wireless and 2.4Ghz wireless
3) The ability to use both bands at full speed at the exact same time
4) Any other features you may need such as external removable aerials etc
5) Lots of RAM and Flash etc to store the software
6) Ideally a USB port for more storage (some allow a hard drive to work as a NAS), or a shared USB printer
7) Tested and confirmed to be rock solid

I will try come up with the latest recommended model. By the way you don't want an ADSL modem inbuilt for UPC

kippy

Christ, this thread has meandered some what.
OP asks question, question answered (within reason) Either these are "old devices" OR they are some other device that is legitmately on your network but has been picked up wrong and then people advise the OP to buy a new router.....
Maybe the OP wants a new router, based on this thread though I really don't know why.

zg3409

I had a look at cross compatability. The E3000 is still the best. Newer models don't work as well. Personally I would go for a secondhand or US E3000 with DDRWT pre-installed. Afterwards you then have the option of looking at the other firmwares.

Often the newest model of equipment has glitches for a year or two until all the glitches are ironed out.

zg3409

kippy wrote: »

Maybe the OP wants a new router, based on this thread though I really don't know why.

Quickly, It is near impossible to change the password on the UPC unit.
Also the UPC unit (depending on model) can not operate on 5Ghz and 2.4Ghz at the same time. Thus if you have one laptop on 5Ghz and another on 2.4Ghz the radio is switching bands all the time. The model recommended could be three times faster in that situation.

Asking the UPC Cable modem to be a wireless router is a bit of a stretch. A seperate unit is much faster, more reliable, can log statistics, work with storage and printers etc etc. It can act as a VPN to give a UK IP etc. etc.

In this given situation I would be able to see how much that unknow device had downloaded, log what I.P.s they connected to, and do a reverse DNS lookup to see what websites were being viewed. It would have answered the question as to who the unknown device belongs.

For serious users a cable is best, next best is a world class wireless router. I have up to 10 computers on my network, both wired and wireless.

kippy

zg3409 wrote: »

Quickly, It is near impossible to change the password on the UPC unit.
Also the UPC unit (depending on model) can not operate on 5Ghz and 2.4Ghz at the same time. Thus if you have one laptop on 5Ghz and another on 2.4Ghz the radio is switching bands all the time. The model recommended could be three times faster in that situation.

Asking the UPC Cable modem to be a wireless router is a bit of a stretch. A seperate unit is much faster, more reliable, can log statistics, work with storage and printers etc etc. It can act as a VPN to give a UK IP etc. etc.

In this given situation I would be able to see how much that unknow device had downloaded, log what I.P.s they connected to, and do a reverse DNS lookup to see what websites were being viewed. It would have answered the question as to who the unknown device belongs.

For serious users a cable is best, next best is a world class wireless router. I have up to 10 computers on my network, both wired and wireless.

Indeed, for 99% of the population however, the supplied UPC cable modem is grand for their needs, and in the case of this user with his specific "issues" I don't see why recommending a new router is the best course of action, especially when the user would have to do some work in order to get their new router setup correctly for their environment, as opposed to the UPC one which is generally setup when it comes out of the box.....

I know exactly what you are saying, there are better out there for a bit of an investment, but is this going to be worth it for the OP? I think not.

Damien360

OP here:

I am a bit better than the average user at networking etc as I do it as part of my job (not IT).

I would like to block out the unknown user from my network from a privacy point of view. i.e. If they are downloading porn from my UPC connection, then I get the heat from it should it turn out to be very nasty. It will be considered my content.

Changing the UPC password is not workable, as it reverts to original on re-boot, which it appears to be doing a lot of lately (twice a week for no reason). Changing my wireless access point is an option I would like to try and it opens up new possiblities.

The custom firmware is not really necessary. A good device which is future proofed at a good price.

UK IP is a nice option but i can do that with a windows program for the PC's. Would be nice addition to wireless devices but not essential.

Central printer is for the future when my existing HP 940 gives up and this was discussed as essential to have wireless printing for our next printer purchase.

NAS storage is something I want soon and i was not aware that USB storage was a usable option. I always thought it had to be a LAN port device.

A replacement wireless router would solve the privacy issue and would open a new world of options further down the road.

BostonB

kippy wrote: »

Indeed, for 99% of the population however, the supplied UPC cable modem is grand for their needs, and in the case of this user with his specific "issues" I don't see why recommending a new router is the best course of action, especially when the user would have to do some work in order to get their new router setup correctly for their environment, as opposed to the UPC one which is generally setup when it comes out of the box.....

I know exactly what you are saying, there are better out there for a bit of an investment, but is this going to be worth it for the OP? I think not.

Define grand? A new router gives

1) a permanent fix to the security issue. (the OP original issue?)
2) is faster

kippy

BostonB wrote: »

Define grand? A new router gives

1) a permanent fix to the security issue. (the OP original issue?)
2) is faster

What security issue? Faster, really?