Weak firmware encryption and predictable WPA key on Sitecom routers =================================================================== [ADVISORY INFORMATION] Title: Weak firmware encryption and predictable WPA key on Sitecom routers Discovery date: 17/02/2014 Release date: 24/04/2014 Credits: Roberto Paleari (@rpaleari) Alessandro Di Pinto (@adipinto) Advisory URL: http://blog.emaze.net/2014/04/sitecom-firmware-and-wifi.html [AFFECTED PRODUCTS] We confirm the presence of the security vulnerability on the following products/firmware versions: * Sitecom WLR-4000 v1 001 * Sitecom WLR-4004 v1 001 Other device models and firmware versions are probably also vulnerable, but they were not checked. [VULNERABILITY DETAILS] Affected routers are subject to a security issue which allows an attacker to calculate the default WPA passphrase/admin password starting from the device MAC address. More in detail, affected firmware versions generate the default wireless keys and access credentials starting from publicly-accessible information, such as the MAC address of the Wi-Fi interface. The algorithm used to generate these keys is included inside the firmware image. As a consequence, attackers located nearby a vulnerable device (i.e., within the Wi-Fi network range) can calculate the default wireless password, authenticate to the Wi-Fi network (if the passphrase has not been changed by the user) and access the LAN of the victim user. In addition, the firmware image of the affected Sitecom routers is encrypted using a trivial XOR-based scheme. The key can be derived through a "known-plaintext" attack focusing on the image padding bytes, which are typically set to zero in an unencrypted firmware. The two device models we analyzed (i.e., WLR-4000 and WLR-4004) use different XOR keys, but the encoding scheme is the same. Additional details are provided on Emaze blog, together with a Python script that implements the wireless key generation algorithm. See the "Advisory information" section for the actual URL. [REMEDIATION] Emaze informed Sitecom about these issues on February 17th, 2014. Sitecom confirmed that future device models will not rely on the same algorithms for the generation of the wireless keys. Obviously, existing devices will remain vulnerable. For this reason, we strongly suggest Sitecom users to use a wireless key different from the default one. [COPYRIGHT] Copyright(c) Emaze Networks S.p.A 2014, All rights reserved worldwide. Permission is hereby granted to redistribute this advisory, providing that no changes are made and that the copyright notices and disclaimers remain intact. [DISCLAIMER] Emaze Networks S.p.A is not responsible for the misuse of the information provided in our security advisories. These advisories are a service to the professional security community. There are NO WARRANTIES with regard to this information. Any application or distribution of this information constitutes acceptance AS IS, at the user's own risk. This information is subject to change without notice.