Quirks in Tech

WPA2-PSK is recognized as a pretty reasonable way for most consumer to secure their wifi access point. That said, this mechanism falls pretty flat on its face when router manufacturers screw up, and it looks like Belkin has screwed up badly. From a Register article we see that

Each of the eight characters of the default passphrase are created by substituting a corresponding hex-digit of the WAN MAC address using a static substitution table. Since the WAN MAC address is the WLAN MAC address + one or two (depending on the model), a wireless attacker can easily guess the wan mac address of the device and thus calculate the default WPA2 passphrase.

This is just really poor mechanism to calculate the password. At least the manufacturer has been totally silent on the issue, and unwilling to disclose how they intend to defray potential attacks; this gives the possibility that Belkin’ll fix things instead of just abandoning consumers (which seems to be, sadly, a pretty default vendor response when their errors undermine users’ privacy and security). Here’s hoping that Belkin decides to not be like most router vendors…

Apparently folks in the DSLReports Forums are reporting some issues with their new smart meters:

Users in our forums direct our attention to claims that at least one small WISP has had their service put out of commission due to electric utility smart meters operating in the 900 MHz band. We’ve previously noted how utility smart meters are interfering with residential Wi-Fi routers, and we’re seeing agrowing number of complaints about the meters interfering with other residential gear as well. The solution from utilities so far appears to be the hope that all consumers migrated to 2.4GHZ and 5.8 GHZ bands so they don’t have to change. However, some smart meters also use the 2.4 GHz range.

I hadn’t really considered interference as one of the issues with smart meters - most of my time has been spent looking at the privacy, payment, and security issues that these meters have exhibited over the past decade - but I guess I shouldn’t be surprised. If consumers are being forced to adopt the next-gen electrical surveillance kit I have to wonder: can at least negotiate for a free router to go with their electrical update?