If you have an SFR or Orange subscription for your internet connection, you might have some problems. Members of the crack-wifi forum have discovered a security flaw in the internet boxes of the brands mentioned above. The problems would affect certain boxes in particular, and the worst thing is that it seems very simple to bypass the security system and hack the Wi-Fi access of the boxes concerned.
The flaw comes from the WPS authentication protocol. To connect your devices via Wi-Fi, several methods are possible: enter a digital code (often placed under the internet box), press a pairing button, use a USB key or NFC technology. Except that some models agree to be paired without the famous WPA2 key, with a simple PIN with a "NULL" value. Blame it on an error in the firmware of these machines.
How to protect yourself?
No need to be a great pirate. It would be enough to go through a Linux distribution and a tool distributed on GitHub to access a third-party box. However, you can protect yourself by disabling WPS pairing, which is enabled by default. To do this, you must connect to the administration interface of your router (at this address), go to the settings related to Wi-Fi and uncheck WPS pairing. An update of the boxes concerned should be broadcast by the operators in the coming days.
The boxes concerned
The number of boxes concerned continues to grow. Among the versions listed by Zataz and the crack-wifi forum, we find the Livebox 2 and 3 Sagemcom, the SFR Neufbox 4 (NB4-FXC-r1), 6 (NB6V-FXC-r0) and 6V (NB6V-FXC-r1) boxes. rXNUMX) or Numericable Netgear boxes. The other affected models are listed gradually on the crack-wifi forum, as the community carries out tests.
