Huawei Cipher Weakness

According to this post on Bugtraq earlier this week, the Huawei HG520 and HG530 home WAPs have a weak generation scheme for the default encryption key – it can be generated from the device’s MAC address. And since the MAC address is available to anyone on the network, that means that the encryption key can be generated by anyone who is passively eavesdropping on traffic.

Just another example of why you should never, ever, use the vendor’s default password for anything. Even if it’s “secure” and “unique”. There has to be some way to generate it reliably during manufacturing, and that algorithm is rarely secure enough to rely upon.
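To make the flaw concrete, here is an added example (not from the Bugtraq post, and not Huawei's actual algorithm). `weak_default_key` is a hypothetical factory derivation that depends only on the MAC, and `still_on_default` is an audit check that flags a device whose configured key could be recomputed by anyone who has seen the MAC. The MAC address used is constructed.

```python
import hashlib
import hmac
import secrets


def normalize_mac(mac: str) -> bytes:
    """Parse 'AA:BB:CC:DD:EE:FF' or 'AA-BB-CC-DD-EE-FF' into 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be exactly 6 bytes")
    return raw


def weak_default_key(mac: str) -> str:
    """HYPOTHETICAL factory scheme: the key is a pure function of the MAC.

    Hashing adds no secrecy here. The only input is public, so the
    output is public too, however strong the hash function is.
    """
    return hashlib.sha256(normalize_mac(mac)).hexdigest()[:10].upper()


def random_key(n_bytes: int = 16) -> str:
    """Owner-chosen replacement: drawn from the OS CSPRNG, tied to nothing."""
    return secrets.token_hex(n_bytes)


def still_on_default(mac: str, configured_key: str) -> bool:
    """Audit check: True if the configured key is derivable from the MAC."""
    return hmac.compare_digest(weak_default_key(mac), configured_key.upper())


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"  # constructed sample value
    factory_key = weak_default_key(mac)
    print("factory default :", factory_key)
    print("default flagged :", still_on_default(mac, factory_key))
    print("random flagged  :", still_on_default(mac, random_key()))
```
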

