algorithm used by Alcatel to determine both the default SSID and
corresponding WEP/WPA-PSK/WPA2-PSK passwords has been published on GNUcitizen.org:
Default key algorithm in Thomson and BT Home Hub routers | GNUCITIZEN
and there's another bit here: Dumping the admin password of the BT Home Hub | GNUCITIZEN
or here's a Windows app reviewed
WEP/WPA sleutel SpeedTouch routers eenvoudig te kraken .
If you have a wireless router from Alcatel/Thomson, please use the tool below to determine if you are vulnerable. Though
In 2008, KPN has informed (note: article written in Dutch) their customers to change their passwords.
Most of their customers however lack the computer skills to change SSID and WPA password of their router themselves, and KPN has shown no steps to provide more than telephone support on this issue. Besides that, most customers likely underestimate the risk of data theft or theft/abuse of their internet connection.
I just discovered that Youtube user 'kalt01998' has created a video, titled 'Cracking Thomson Modems' using my site! Nice work kalt01998! Thank you!
SpeedTouch namechange: Thomson is now called Technicolor (and I'm sure they fixed this issue)
Another serious flaw in Thomson hardware.
The Thomson TWG870U has a hidden SSID 'UPC_Multimedia' with a default password 'UPC3532[omitted for security reasons]edAE'
Update 28-9-2009, thanks to an e-mail from a supporter:
Some Portuguese internet providers also distribute this SpeedTouch routers with default passwords
* MEO distributes the Thomson TG712 for triple play clients (iptv + adsl + voice)
* Vodafone distributes the ST585v7 for adsl clients and the Thomson TG712 for the triple play clients.
* Clix distributes the same routers as vodafone.
||If you have a wireless model of the SpeedTouch series
of routers (sometimes sold as KPN Experia box), and
you didn't change the default SSID and/or wireless access keys, you are
There's a sticker on the back of your Thomson SpeedTouch device on which the SSID and WEP and WPA PSK are printed, as can be seen in the picture on the left.
Some ADSL-2+ wireless Modem models (analog and ISDN) which may or may not be affected to default passwords lookup:
Current models, as of 28-9-2009:
Thomson ST122g Thomson TG123g SpeedTouch 516/546 and 516i/546i Thomson TG585 and TG585i (white-grey edition) (585i, 585n) SpeedTouch 605s SpeedTouch 608, 608i, 608 WL and 608i WL (R5) SpeedTouch 620 and 620i (620s, 620m) SpeedTouch 706, 706i, 706 WL and 706i WL SpeedTouch 780, 780i, 780 WL and 780i WL Thomson TG784 and TG784i (784, 784i) Thomson TG787 and TG787i (787, 787i)
SpeedTouch 110 and 120 SpeedTouch 110g and 120g SpeedTouch 121g SpeedTouch Home and Home ISDN SpeedTouch USB and USB ISDN SpeedTouch 330 SpeedTouch 510 and 510i SpeedTouch 570 and 570i R2 (till jan 2004) SpeedTouch 570/545 and 570i/545i R4 (since jan 2004) SpeedTouch 580 and 580i SpeedTouch 585 and 585i (black edition) SpeedTouch 608 and 608i (R4) SpeedTouch 610, 610i and 610s SpeedTouch 716g R1.1 SpeedTouch 716v5, 716iv5, 716v5 WL and 716iv5 WL