Security Flaw on P1 DV 230 WiMAX Modem allows WiFi Stealing

Posted:  March 11, 2010   By:    37 comments   



P1’s DV 230 WiMAX Modem is one of the first WiMAX with WiFi modem that’s easy to use thanks to its simple plug and play approach. The only technical bit for the user is to enter the predefined WEP password which is uniquely customised for each USB WiFi Module.

It looks all good and dandy but there’s just one small problem. We found out that the “unique” WEP password isn’t that unique after all.

If you’ve seen or used one of these, you will notice that they will give a randomised Wireless Access Point name or SSID such as 07D24A and followed by a long WEP password such as 7D24A1FFB0. Sure, you think that this is all safe but recently it was brought to our attention that there’s a simple flaw with the way they created these unique WEP passwords.

How to access your neighbour’s default unconfigured P1 DV 230 Modem?

After reading up some postings online and comparison with our own, we’ve discovered a similar pattern in all P1 DV 230 modems. Here’s how you get the WEP Password from the SSID:

  1. Get the SSID. e.g. 02B92C
  2. Remove the first character. (02B92C -> 2B92C)
  3. Add 1FFB0 (Zero not the letter O) (WEP Password: 2B92C1FFB0)

Easy, isn’t it? By default, most P1 customers would just switch on the modem and surf away without any need of changing the password. Therefore, it is highly likely that anyone can scan their WiFi and search for a SSID that contains 6 random numbers which is most probably a P1 WiFi modem. With the technique above, anyone can access a default P1 DV 230 modem without much restriction.

We’re surprised that P1 didn’t actually randomised the WEP Passwords and to add more insult to the injury, P1 also didn’t also put much effort in educating its customers on the need of changing their WEP password for security reasons.

Disclaimer: We do not condone unauthorised use and stealing of other people’s WiFi connection. We’re not responsible if you’re caught stealing WiFi connection and you may be subject to legal action if found guilty of doing so.

How do you protect your P1 DV 230 Modem?

If you’re a P1 DV 230 Modem user, you can change your WiFi WEP Password to prevent your neighbours from potentially sucking up your limited monthly bandwidth with the steps below.

  1. From your browser which could be either Internet Explorer or Firefox, enter http://10.1.1.254
  2. Enter the following:
    Username: admin
    Password: admin123
  3. Click on Networking at the top right
  4. On the left, click on WiFi
  5. Click on NEXT at the bottom to see your WiFi security settings.
  6. Select Manual Define and you will be able to make changes to your SSID and WEP Password.
  7. Apply and reboot your modem by clicking on the power icon on the top right.
  8. Your laptop/computer will be disconnected and you may need to search for the P1 DV 230 modem with the new settings.

If you feel your P1 connection is faster or use less bandwidth after changing your password, it looks like you’ve been suckered by someone close by.

We hope that P1 will notify its customers on this and hopefully they won’t repeat such security flaw in their future products.

DV 230 Manual Download

[ SOURCE ]


P1, Players on the Field
, , , , ,
Wanna say something?






 

37 Comments for Security Flaw on P1 DV 230 WiMAX Modem allows WiFi Stealing

Kreuger

hi there. thanks for pinging back.
i notice that the default security can be hacked by one of my reader. but i didnt try it. agree with you that P1 should more alert about this issue.

kentut busuk

why r you tell them how to protect….aparaaaa

fizz

Thanx for your tips…It really works dude!! after i have changed the ssid and network key…the connection seems superfast back like the very first time i used this piece of s*&t modem…now i can play ps3 online at peace!!…thanks again…

Deshtroy

hei, boys and girls!!

soya cincau dah tell the teacher that we have been stealing wifi… nevermind, soya cincau is the pengawas…. hahahha, well soya cincau, i'm the original poster from azman ishak's blog and i have millions more interesting facts about REAL computing in malaysian context rather than your "cut-and-paste" materials.. so if you need more content that you can steal without CITING THE ORIGINAL AUTHOR, and pass it as your own discovery, you know where to reach me!! >.<

soyacincau

Thanks for dropping by. Wow even "experts" read our blog. kewl. Do visit more often ok

TM UniFi responds to router security concerns | SoyaCincau

[…] the first security vulnerability for ISP customers in Malaysia. Even P1 W1MAX has similar vulnerability for its DV-230 WiMAX modem with WiFi where its password has the same pattern as the SSID. If […]

nick

whn i type http://10.1.1.254 i cn c the page but whn i type the admin n admin123 it says there login fail..y is tat?

distressed

everytime i try to key in, and apply, it says Value must be HEX code or something. wtf is that?

TM Unifi | Jp Geeks

[…] isn’t the first security vulnerability for ISP customers in Malaysia. Even P1 W1MAX has similar vulnerability for its DV-230 WiMAX modem […]

hafiz101

help i can find my p1 wifi network but i found network adress like HT_AP0,HT_PO1,………i know that it come from my wifi modem how i solve this????

engineer

what about if the SSID is like 0F1D96..?
what is its security key..??
i cant aply the technique above to find its security key on that kind of SSID..

cincalok

f11d961ffb0

TEMPOYAK

soli F1D961FFB0

shaf

Someone stole the usb dongle that come with the dv 203 modem can they steal my bandwidth? What can be use on that usb dongle?

soyacincau

The USB dongle is just a wifi adapter and its not tied to your account. If the thief plugged it to his DV230, the connection still runs on his account.

Weird how people would steal such a thing, leaving the modem behind.

Baba

what about if the SSID is 2FD196?

what is the security key?

Muhammad Hafiq

Bro i got a problem .. I had wrong edit in Networking>Lan>Lan Setting [Lan IP Address default actually 10.1.1.254 , but i've change 127.0.0.1] .. now i cannot connect internet anymore .. also open wimax mobile station cannot .. i need help bro ..

D' madness

what modem you are using?…DX230-white modem try to search reset hole and do reset….you need to do it while the modem on…use your paper pin and press the button inside the whole for about 10-20 second then the light is off…your modem back to normal

@ayuhasman

thanks bro. you post really helpful!

harry

thankies,it works

anakMelayu

whether u use default password,or new password that u created by urself, i still can hack your wifi..
wifi password is very easy 1 to hack

anakorangputih

its okay,still can hack,do you want me teach you how..

siti

thanks SC. rite now my line quite smooth 😉

born

what about ssid 3F7FA0