How I Accidentally Surfed My Neighbour's Internet Connection

in #security · 7 years ago

It was strange to find I was surfing the Internet on my next door neighbour’s BT connection. I did this while connected wirelessly to my Virgin Media router. Yes, I was connected to Virgin but surfing on BT. For Americans, BT are like Comcast and Virgin are like Time Warner. They are effectively monopolies, don’t seem to care about the customers and are as useless as each other.
I spotted I was surfing on my neighbour’s connection because I went to a website and it asked me to sign into a BT Hub. I cancelled the sign in but happily surfed the Internet anyway. I checked my IP address (a unique address your device has on a network). Virgin always give an IP address starting with 192.168.0.x and the router is at 192.168.0.1.
However, I had an IP address of 192.168.1.x and the router was on 192.168.1.254. When I typed 192.168.1.254 into a web browser I got a BT Home Hub. I did some checks and quickly concluded I wasn’t being spoofed or subject to a Man in the Middle attack. I was connected to my Virgin Media router but was getting my Internet through a BT Home Hub. Was it some kind of weird update? Did Virgin and BT use the same box with different branding and an update had messed up? I worked out this anomaly was happening randomly. Sometimes I’d connect and get access through Virgin. Sometimes BT. But always while connected to my Virgin box.
I contacted Virgin Media Tech Support. A task so difficult it would make Sisyphus quit and go back to uphill boulder shoving. I explained to Customer (Mis)Service Automaton my problem was a little complex and wondered if they knew anything about IP addresses. He said he didn’t. And cut me off. I got through to a second person who also knew nothing about IP addresses and I asked to be put through to someone more technical. They transferred me to second line support. Which turned out to be a recorded message saying they were shut and then it cut me off. This is typical Virgin Media support. I’d go elsewhere but we live in a world where customer support is a mislabeled jockstrap. Sisyphus… you had it easy.
While this is going on I check Google. There were other instances of people with the same problem. But it was a page tucked away deep in the Google search which provided half the answer.
It was caused by Netgear Powerline Adapters. These adapters transfer the network signal over the electrical cabling in your home. They save you the hassle of running network cables all over your home. Just plug one in a power outlet downstairs, one in a power outlet upstairs and you have extended your network. I use it to connect my router to my PS3 because Virgin Media Super Hubs don’t communicate wirelessly with certain models of PS3.
These adapters have a “security” button. You press the security button on one of them, then within 2 minutes press the button on the other one. The manual explains how this creates a secure connection between the two. Logic would dictate the first one would generate a random number which would become a secure key and listen. Once the button was pressed on the other one they would swap the key. This would ensure they only communicated between each other. It’s not a perfect system but for the vast majority of users it would suffice.
However, this does not happen.
What happens is they just push out a default key. Always the same key. Across their entire range. Which negates the issue of pushing the button in the first place. As a result, when your neighbour buys one it also uses the same key. Our electrical supplies are connected. Hence, my Powerline adapters start talking to the ones next door. Together they build a network which spans our two houses. Normally when a device connects to your router it asks for an IP address. However, as the two networks are now connected it becomes a race to see which router responds first. Mine or my neighbour’s. Whichever one answered first decided which network I was on.
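The race described above is visible from the client side: when two different DHCP servers answer the same address request, two networks have been bridged. The following is an added example, not part of the original post; it parses DHCP offer payloads and flags any request answered by more than one server. The client addresses and transaction id are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import struct

COOKIE = b"\x63\x82\x53\x63"           # marks the start of DHCP options
OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID, DHCPOFFER = 3, 53, 54, 2

def build_offer(xid, yiaddr, server, router):
    """Build a minimal DHCPOFFER payload (constructed sample input only)."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, xid, 0, 0,
                         bytes(4), ip(yiaddr), ip(server), bytes(4),
                         bytes(16), bytes(64), bytes(128))
    options = (bytes([OPT_MSG_TYPE, 1, DHCPOFFER]) + bytes([OPT_SERVER_ID, 4])
               + ip(server) + bytes([OPT_ROUTER, 4]) + ip(router) + b"\xff")
    return header + COOKIE + options

def parse_offer(payload):
    """Return (xid, offered_ip, server_id, router) for a DHCPOFFER, else None."""
    if len(payload) < 240 or payload[236:240] != COOKIE:
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option, no length byte
            i += 1
            continue
        length = payload[i + 1] if i + 1 < len(payload) else -1
        value = payload[i + 2:i + 2 + length]
        if length < 0 or len(value) != length:      # truncated option
            return None
        opts[payload[i]] = value
        i += 2 + length
    server, router = opts.get(OPT_SERVER_ID, b""), opts.get(OPT_ROUTER, b"")
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]) or len(server) != 4:
        return None
    addr = lambda b: str(ipaddress.IPv4Address(b))
    return (struct.unpack("!I", payload[4:8])[0], addr(payload[16:20]),
            addr(server), addr(router[:4]) if len(router) >= 4 else None)

def competing_servers(payloads):
    """Map transaction id -> offers, for requests answered by more than one server."""
    by_xid = {}
    for offer in filter(None, map(parse_offer, payloads)):
        by_xid.setdefault(offer[0], []).append(offer)
    return {x: o for x, o in by_xid.items() if len({s[2] for s in o}) > 1}

# Constructed sample: one request answered by both routers named in the post.
SAMPLE = [build_offer(0x1234, "192.168.0.23", "192.168.0.1", "192.168.0.1"),
          build_offer(0x1234, "192.168.1.77", "192.168.1.254", "192.168.1.254")]
```

Calling `competing_servers(SAMPLE)` returns both offers under the shared transaction id, which is the signal that a second router is reachable on the same segment.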
Now these adapters don’t send the signal very far. So if you are two or three houses away you won’t get anything. But next door neighbours are… well… next door. The clue is in the name. We also live in small houses. The signal didn’t have far to travel.
The moment I worked all this out I unplugged the Powerline adapters and all my network access was restored to my connection. I plugged one back in and immediately started connecting to my neighbour’s Internet.
I then wanted to see how much of a security risk this was. I plugged the Powerline adapter into my mains socket and left it disconnected from my network. As soon as I plugged it in the LED suggested it had a connection to something else. I connected my laptop to it with a network cable and immediately connected to my neighbour’s network. As anyone with even a passing knowledge of IT security will tell you, just getting access to a network is a major issue. This is very poor work from Netgear. They should do more to ensure their devices generate a random key. I checked to ensure my firmware was up to date; it was. And as this particular model is no longer sold I can only assume my neighbour had purchased a newer model, with exactly the same flaws.
It was now time to try to secure this problem and ensure my adapters were only communicating with each other. Using a piece of software downloaded from Netgear’s site I could manually change the key to something more secure and, crucially, unique.
As these adapters become more and more popular we’ll see this issue more and more. Also, if you have these adapters make sure you download the software and change the key. I foolishly trusted a “security” button to provide “security”. Maybe that’s the ultimate lesson.


Have you checked your external IP address to see which company is that from?


I would appreciate if you check my posts as well @unnun
