UPD EE UK Deploy Partial Fix for BrightBox Broadband Router Security Woes

Friday, February 7th, 2014 (1:03 pm)

The fixed line broadband ISP division of mobile giant EE has begun to deploy a crucial firmware update to plug the many holes in its older BrightBox 1 routers. Unfortunately some of the vulnerabilities have yet to be fixed.

Security specialist Scott Helme, after losing faith in EE’s ability to resolve the problems in a timely manner, went public with the flaws last month.

The good news is that EE last week began deploying a new firmware update to tackle the problems, but the bad news is that it won’t fix everything.

Scott Helme said (The Register):

“It seems that the update is a two out of three. They fixed the exposure of passwords/usernames/etc and the remote management exploit, but haven’t fixed the CSRF exploit. This means I can still do things like change your router’s DNS servers and then intercept every packet of data that goes through it, factory reset your device, enable Wi-Fi networks etc.

“There are also several other less serious security issues that they haven’t addressed that I raised with them including session fixation attacks and session hijacking attacks.”

The provider currently uses a variety of different routers to supply its 700k+ strong fixed line broadband customer base, although so far the primary focus has only been on its BrightBox 1 kit. EE is now shipping BrightBox 2 routers to all of its new Fibre customers.

UPDATE 7:17pm

The official line from EE is:

An EE Spokesperson told ISPreview.co.uk:

“We started rolling out a firmware update to our customers last month, following the identification of security issues affecting the software platform that the BrightBox product is built on. This is a phased, remote roll out. All new BrightBox 1 routers shipped now include the new firmware.”

The provider claims that its new firmware was developed and tested as quickly as possible to ensure there was no impact on internet performance for their customers. A second firmware update is already being prepared to plug the CSRF vulnerability.

By Mark Jackson