Everybody can hack into your Blink wireless router!

It’s not a secret anymore that the routers you get from Ogero once you subscribe to their Blink DSL service can easily be hacked since their WiFi password is very easy to retrieve.

First of all, Blink routers are by default secured using WEP encryption which is very weak and can be cracked using wireless penetration tools. Second, they can easily be identified since they all have an SSID (network name) following this pattern “BlinkXXXXXX” where XXXXXX is a 6 character code, and this isn’t just any random code as it is derived from the router’s serial number. Unfortunately, the same applies to the WiFi password, it isn’t generated randomly but rather derived from the router’s serial number as well.

Logically speaking, if you encounter a Blink network and were able to reverse the operation in a way that lets you guess the router’s serial number from the 6 character code in the SSID, retrieving the password would then be a piece of cake since it can be derived from this serial. That’s basically what some people have been doing for a while now since several tools are already available online allowing you enter the 6 character code once you stumble across a Blink network, and gives you the password in a few seconds.

Up until lately, I was thinking the usage of these tools was somehow minimal and limited to techies since you will rarely find them on Lebanese website, until I lately came across this new Android application called “Hack Blink” with a download count of over 10,000 and rapidly increasing.

hack blink

Using the application is very straight forward, you enter the code and wait for the password, I tried it and it does work. So if you have a blink subscription, be sure someone around you will soon or later have this application and eventually start consuming your bandwidth.

Fortunately, there is a way to stop people from doing that by reconfiguring your router using this manual I found on Ogero’s website (which applies to Thomson routers). I strongly recommend you use that manual to change your SSID and setting the encryption algorithm to WPA2, in addition to of course changing the default wireless password. If you encounter any difficulty, make sure to either contact their customer support or just head to the nearest Ogero office in order for some support person to help you do it.

Best solution is definitely for Ogero to stop ordering their routers to be configured this way!

Thanks to @ZuZ for the information he previously provided in this post.

Update:

@AbirGhattas just informed me “Hack Blink” was removed from the Play Store. I still recommend you change your router’s default settings.

ShareShare on Facebook19Tweet about this on Twitter6Share on Reddit0Digg thisShare on Google+0Email this to someone

, , , , , , , , , , , , , , , , ,

11 Responses to Everybody can hack into your Blink wireless router!

  1. Eddie February 28, 2013 at 6:26 pm #

    If the router is new (2010+), this doesn’t work.

    • Rami March 1, 2013 at 9:22 am #

      Thanks for the info!
      Still, there’s a large chunk of routers that have been bought before 2010 and I just keep seeing them everywhere. Their owners never bothered to change their default settings.

  2. Ayman February 28, 2013 at 6:32 pm #

    What is funny is the those mediocre “developers” who make such mediocre apps and think they’ve created something great while hurting thousands of people. Same thing for the car numbers app. Such a shame.

  3. D March 1, 2013 at 2:56 pm #

    its not only with the ogero router,

    every secured router using WEP Encryption can be hacked.

    WPA/WPA2 also can be hacked but it is much harder and take too much time

  4. Moe April 6, 2013 at 11:45 pm #

    Can u find me thi blinka6211b

  5. mhmd tabbara May 18, 2013 at 4:14 pm #

    Blink5C936D find it :D

    • mOSTAFA May 28, 2013 at 10:42 am #

      2113E4BA1C
      E1DDED3F35

  6. vincent richa May 27, 2013 at 1:46 pm #

    please i have 2 blinks:
    blink309007
    blink1503

  7. Eliane August 4, 2013 at 12:58 pm #

    Please help, someone is stealing my connection and I’m a computer ignoramus! I already called Ogero and changed the wireless password but the stealing has returned.
    I want to follow the steps in the Thomson manual, but when prompted to enter the username and password in Step 2, nothing works to enter the thing.
    Which username and password to use?

    • Rami August 5, 2013 at 12:27 pm #

      I guess your wireless encryption must be set to WEP, I suggest you change it to WPA2, it’s very easy to do through the router’s administration page.

Leave a Reply