• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About
    • Stephen Foskett
      • My Publications
        • Urban Forms in Suburbia: The Rise of the Edge City
      • Storage Magazine Columns
      • Whitepapers
      • Multimedia
      • Speaking Engagements
    • Services
    • Disclosures
  • Categories
    • Apple
    • Ask a Pack Rat
    • Computer History
    • Deals
    • Enterprise storage
    • Events
    • Personal
    • Photography
    • Terabyte home
    • Virtual Storage
  • Guides
    • The iPhone Exchange ActiveSync Guide
      • The iPhone Exchange ActiveSync Troubleshooting Guide
    • The iPad Exchange ActiveSync Guide
      • iPad Exchange ActiveSync Troubleshooting Guide
    • Toolbox
      • Power Over Ethernet Calculator
      • EMC Symmetrix WWN Calculator
      • EMC Symmetrix TimeFinder DOS Batch File
    • Linux Logical Volume Manager Walkthrough
  • Calendar

Stephen Foskett, Pack Rat

Understanding the accumulation of data

You are here: Home / Everything / Apple / MAC Addresses Are Bad Passwords

MAC Addresses Are Bad Passwords

August 19, 2008 By Stephen 1 Comment

Sprint USB EV-DO + Cradlepoint personal hotspot = sweet!
Sprint USB EV-DO + Cradlepoint personal hotspot = sweet!Default password = bad!

As I posted the other day, my new Cradlepoint PHS300 3G router is just awesome, and I would happily recommend it to anyone. If you do get one, however, be sure to change the default password immediately. The seemingly-strong password is worse than insecure – it’s available to anyone who asks whenever the router is powered on!

Let’s back up, though. When I first set up the router, I was impressed by how simple it was. Turn it on and its Wi-Fi LAN appears almost immediately. Connect to the LAN and your browser is redirected to the router’s management interface (at 192.168.0.1).

I was happy to see that, unlike nearly all router manufacturers, Cradlepoint does not use a default password. Rather, each router has its own unique password – the last six hexadecimal characters of the MAC address, which is printed on a sticker on the bottom of the unit. At the time, this seemed much better than the big manufacturers, which tend to use the easily-guessable “admin” or another short, simple-to-crack word.

But the Cradlepoint also uses the last three characters of the MAC address as its default Wi-Fi SSID. So three of the password’s six characters are broadcast constantly to anyone who cares to see, regardless of whether they are even connected to the LAN! This literally makes the password 4,096 times easier to guess. My router’s SSID was “PHS-28a”, and the password was “02828a” – see the problem?  Amazingly enough, though, this isn’t the worst problem!

Most people know that DNS servers translate domain names (like “blog.fosketts.net”) into IP addresses (like “208.113.206.204”). But Ethernet networks (including Wi-Fi) use a different addressing scheme, and IP addresses themselves must be translated into a MAC address (like “00:30:44:02:82:8a”) before it can transmit data. Any connected client can use a command line program called arp to look up a MAC address, which means they can simply ask the router for the MAC thus discover the password. See my password in that example? But wait, it gets worse still!

Cradlepoint suggests setting a connection password, which will keep people from using its 3G connection but will do nothing to prevent them from using arp to find out the router’s password. Smarter people will turn off the SSID broadcast or use a WEP password, which will keep them from connecting to the router’s Wi-Fi network. Although this will stop the arp attack, the password is still vulnerable. See, the address is included as part of every Wi-Fi packet in plaintext, and as any wardriver will tell you, it’s simple to snoop on Wi-Fi packets. So the router is continually transmitting its password, whether one is connected or not. One would need to figure out the WEP password in order to connect, but there are techniques that allow this, and the attacker would then be able to use the administrator password to reconfigure the router.

The Cradlepoint also supports WPA/WPA2, which is much more secure than WEP and would dramatically improve the situation, but not all devices support it. But the real solution is much simpler – change the administrator password to something much more secure. Sadly, most people won’t do any of this – they’ll leave the password as it is and thus leave their router totally open to attack.

But let me just take a moment to beg those who read this post: Don’t ever use a MAC address as a password!

You might also want to read these other posts...

  • How To Connect Everything From Everywhere with ZeroTier
  • Electric Car Over the Internet: My Experience Buying From…
  • Liberate Wi-Fi Smart Bulbs and Switches with Tasmota!
  • Tortoise or Hare? Nvidia Jetson TK1
  • How To Install ZeroTier on TrueNAS 12

Filed Under: Apple, Terabyte home Tagged With: Cradlepoint, IP address, MAC address, PHS300, security, WEP, Wi-Fi, WPA

Primary Sidebar

Storage people known as much about networking
as networking people know about storage!

Stephen Foskett

Subscribe via Email

Subscribe via email and you will receive my latest blog posts in your inbox. No ads or spam, just the same great content you find on my site!
 New posts (daily)
 Where's Stephen? (weekly)

Download My Book


Download my free e-book:
Essential Enterprise Storage Concepts!

Recent Posts

How To Install ZeroTier on TrueNAS 12

February 3, 2022

Scam Alert: Fake DMCA Takedown for Link Insertion

January 24, 2022

How To Connect Everything From Everywhere with ZeroTier

January 14, 2022

Electric Car Over the Internet: My Experience Buying From Vroom

November 28, 2020

Powering Rabbits: The Mean Well LRS-350-12 Power Supply

October 18, 2020

Tortoise or Hare? Nvidia Jetson TK1

September 22, 2020

Running Rabbits: More About My Cloud NUCs

September 21, 2020

Introducing Rabbit: I Bought a Cloud!

September 10, 2020

Remove ROM To Use LSI SAS Cards in HPE Servers

August 23, 2020

Test Your Wi-Fi with iPerf for iOS

July 9, 2020

Symbolic Links

    Featured Posts

    New England Takes On Seattle To Determine Who’s Number 2 … In Tech!

    January 19, 2015

    Ranting and Raving About the 2018 iPad Pro

    November 11, 2018

    Defining Failure: What Is MTTR, MTTF, and MTBF?

    July 6, 2011

    MacBook Users: Encrypt Your Drive with OS X FileVault! It’s Easy and Free!

    December 20, 2012

    Frequent Flier Kung Fu for Novices

    March 12, 2012

    Introducing Rabbit: I Bought a Cloud!

    September 10, 2020

    My Core i7 Macintosh SE

    May 25, 2017

    Co-Processors, GPGPU, and Heterogeneous Computing

    June 26, 2017

    The Rack Endgame: Open Compute Project

    September 17, 2014

    Scaling Storage At The Client

    November 25, 2013

    Footer

    Legalese

    Copyright © 2022 · Log in