Eircom criticised over web security flaw

Eircom has come in for criticism today following the discovery of a security flaw in its products which could allow strangers to use customers' internet connections without their knowledge.

The security flaw, which was revealed at the weekend on a website and in this morning's Irish Times , potentially allows hackers to access wireless broadband connections in buildings up to 30m (100ft) away, giving them free access to the internet and possibly enabling them to download illegal content via Eircom customers' accounts.

The security flaw relates to Netropia-branded wireless routers which are distributed to Eircom's broadband customers to enable them to connect to the internet.

The routers use a security protocol known as Wired Equivalent Privacy (WEP) which requires users of a network to enter a default 16-digit password, which is generated from the serial number of the device. However, an eight-digit number used to identify each user's wireless network is also derived from the serial number potentially enabling hackers to work out the full password.

The telecoms operator has now issued guidelines to its customers on how to generate their own unique password which removes the security risk via its website, broadbandsupport.eircom.net. The firm said it is also contacting affected customers directly.