Apple software allows unauthorised access to Eircom broadband networks

 

APPLE IS benefiting from sales of a piece of software that provides free access to up to 250,000 home broadband networks without the owners’ knowledge.

The software for Apple iPhones, called “dessid”, which costs €1.59, exploits a flaw in the hardware Eircom provided to its broadband customers and which first came to light in September 2007.

The problem occurred because each Eircom customer’s wireless network broadcast a unique eight-digit code as its network name. The password was derived from these digits.

Since August 2008 all devices shipped to Eircom customers have used a more secure standard which is not susceptible to the misuse. Yesterday an Eircom spokesman said about 50 per cent of its customers were using the newer equipment.

A survey from consultants Deloitte, which is published today, found that 63 per cent of Eircom networks that broadcast the eight-digit network name have not upgraded their security. Given that Eircom had almost 480,000 broadband customers at the end of last June, according to ComReg, up to 250,000 home networks could be accessed using the app.

Once installed, dessid scans for available wireless networks. When the user chooses an Eircom network the password is displayed almost instantly. The software is sold as a way for users to recover their Eircom wireless internet password. Daniel Heffernan, the author of the software, said it was not intended as a way to access free broadband but it was “fairly obvious” it could be used in this way. He was “surprised” Apple had approved it with no queries.

Apple keeps 30 per cent of all revenues for software sold through iTunes. This week the computer maker announced there are 100,000 applications available on iTunes.

Last night Apple did not respond to requests for information on how dessid was approved for sale or its approval policy in general. It has been on sale since October 29th and Mr Heffernan said he was selling about six copies a day.

Accessing wireless networks without permission is a criminal offence in Ireland. The Irish Times yesterday downloaded dessid and was able to get the password for an Eircom network used for testing in our offices.

Eircom reminded customers to upgrade their settings and visit http://wirelesssecurity.eircom.net for details of how to do so.