Ziggo to protect wi-fi hotspots with certificates and increases speed – update

0
347

Ziggo is going to be wi-fi hotspots, for which the the modems of customers, securing with certificates. That has Ziggo ceo Ren Lwa Obermann Wednesday afternoon announced. In addition, the limit of 3Mbit/s per hotspotverbinding disappeared.

With the add of certificates lost Ziggo a vulnerability on that about a year ago, it was discovered and where the passwords and the data traffic of users intercepted could be. That could be because the hotspotnetwerk no certificates are used, allowing an attacker to a fake hotspot would be able to set up. The passwords of users have been gehasht, but not encrypted, and were using services like CloudCracker within a few hours or days to crack.

That should be impossible now, because certificates are used to verify the authenticity of a Ziggo hotspot; devices of users accept no connections with fake hotspots more. Nevertheless, there are also still question the safety. During a hackathon by Ziggo was organized, researchers may not have managed to break into the new, safer system, but they have a theory about it. “We may have to demand access to usernames and passwords of customers, but we have not yet been able to test,” said Erik Westhovens, the beveiligingsonderzoeker that the theory figured out. Later this week he will go together with Ziggo, test whether the theory is correct.

“Add certificates makes the wifispots much safer,” said Ziggo ceo René Obermann. When the problem of the wi-fi hotspots came to light, claimed Ziggo added that it was not necessary to take measures. “But you now think perhaps differently about things than a year ago,” said Obermann opposite Tweakers.

According to its Ziggo-colleague Herman Weerman, the telecom provider decided to solve the problem because the users felt unsafe due to the messages in the media’. Devices that the secure certificates do not, however, continue to use the old, vulnerable logon method. Users of some devices, such as Android smartphones, need to manually create a self-signed-Ziggo-install the certificate.

In addition, Ziggo the limit of 3 megabits per second per hotspot user are deleted. However, there is still a limit of 10Mbit/s for all users on one hotspot together, so the speed in many instances it is increasing. “In the future, it should still be faster”, promises Ziggo ceo Obermann. According to Ziggo devoid users joint 45 to 50 terabytes of data through a total of 1.3 million wi-fi hotspots; that equates to 1 percent of the total traffic of Ziggo. Of the hotspots, 71 percent use weekly, claims to be the provider.

Users complained that if they had wi-fi spots had set them at home with the wi-fi hotspot on their own Ziggo-modem connection is made, instead of using their own private network. “From 7 July, we roll out a firmware update that resolves”, says Weatherman of Ziggo. From then on, detect the modems when someone is at home; in that case the wi-fi-hotspotverbinding denied. However, customers can still suffer from neighbors with a wi-fi hotspot.

For are hotspots Ziggo as competitors KPN and UPC, the modems of customers. The company promises that the networks of users and the public hotspots are strictly separated. Customers who nevertheless don’t have a wifi hotspot on their modem, would like to host, can unsubscribe.

Incidentally, were the hotspots of UPC also with the vulnerability that Ziggo will resolve. Also, UPC has its hotspots of a certificate.

Update, 16:36: Information about the hackathon added.

Comments
(111)