Link

Belkin #Fails At Password Creation

WPA2-PSK is recognized as a pretty reasonable way for most consumer to secure their wifi access point. That said, this mechanism falls pretty flat on its face when router manufacturers screw up, and it looks like Belkin has screwed up badly. From a Register article we see that:

Each of the eight characters of the default passphrase are created by substituting a corresponding hex-digit of the WAN MAC address using a static substitution table. Since the WAN MAC address is the WLAN MAC address + one or two (depending on the model), a wireless attacker can easily guess the wan mac address of the device and thus calculate the default WPA2 passphrase.

This is just really poor mechanism to calculate the password. At least the manufacturer has been totally silent on the issue, and unwilling to disclose how they intend to defray potential attacks; this gives the possibility that Belkin’ll fix things instead of just abandoning consumers (which seems to be, sadly, a pretty default vendor response when their errors undermine users’ privacy and security). Here’s hoping that Belkin decides to not be like most router vendors…