Home
 » ISP News » 
Sponsored

UPDATE2 Big UK ISPs Say Home Routers Safe from SHELLSHOCK Bug

Saturday, September 27th, 2014 (8:00 am) - Score 2,902
router broadband isp disconnected

Last week’s news was flooded with coverage of a new vulnerability in the command-line Bash interface (shell) for many Linux / Unix based systems, called SHELLSHOCK (CVE-2014-6271). Bash forms a part of everything from web servers to Smartphones (iPhone, Android etc.) and even quite a few broadband routers, but don’t worry because most of you will be safe.. probably, hopefully.

A lot of things have been said about the Shellshock bug but the truth is that casual home users probably don’t have too much to worry about, so long as you use some common sense with regards to security and keep everything updated. Even many exposed systems don’t allow external execution of Bash, which makes it harder for the bug to do damage unless the attacker can first gain access to an affected system (possibly via a Trojan / Virus infection etc.).

Mind you that’s not to say that having Bash exposed in any way, even locally (i.e. admin level access may be required to exploit it), is a good thing. Indeed if a semi-vulnerable system did get infected with a virus that knew how to exploit this bug then it would be easy enough for that malware to run a simple Bash command and wipe the system or do any number of other things, such as turning it into a zombie for hackers or botnet spammers to control.

So what about all those home broadband routers that the big ISPs often bundle for free? The good news is that most of them and many other embedded devices actually make use of the Busybox software instead of the Bash, which is NOT vulnerable to the bug. But to help put your minds at rest we asked around to see what the four largest ISPs had to say.

Big ISP Comments on Shellshock

BTAt this time we do not believe that BT Home Hubs, BT Vision and YouView boxes are vulnerable. We are however conducting a thorough review of our estate, and continue to monitor the situation.”

Virgin MediaWe can confirm that all versions of the Super Hub supplied by Virgin Media have been tested and are not vulnerable to the Shellshock/Bash bug.”

Sky BroadbandI want to reassure you that there are no issues with our Sky routers.

TalkTalk We’re still awaiting an official comment, although from what we can tell most of their routers use BusyBox (safe).

We are of course keeping an eye on this but for now it looks like those with bundled routers from the biggest ISPs are safe. Obviously if you are concerned about your router, especially if it’s not from an ISP listed above, then do a bit of Googling to see whether the model uses Bash or BusyBox (it’ll probably be the latter). If it’s the former then you might need to query with the manufacturer directly, just to be absolutely safe, but we wouldn’t panic.

UPDATE 28th September 2014

A TalkTalk spokesperson has given ISPreview.co.uk the following statement: “We would like to reassure customers that none of our routers are affected by the Shellshock bug. Although our routers are not affected customers should ensure they are protecting themselves if they are running web servers. Customers can get general advice on protecting themselves by visiting help.talktalk.co.uk. Our customers using other routers should seek advice from their manufacturers.”

UPDATE 1st October 2014

For what it’s worth Sky has now issued a slightly fuller statement, although it still says the same thing.

A Sky Broadband Spokesperson said:

At Sky we ensure all of our products are fully tested according to industry standards before they’re made available to our customers.

In response to recent media speculation surrounding the ‘Shellshock’ bug we’d like to reassure our customers that as we do not run Bash software on our Sky Hub or Sky Wireless routers, these products are unaffected by this type of vulnerability.

Former 02 and BE customers who have recently transferred their broadband to Sky, are also unaffected.”

Add to Diigo
Tags:
Mark Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
4 Responses
  1. Avatar dave

    i read somewhere that the bt homehub uses bash not busybox. It may be vulnerable.

  2. Avatar John

    Some BT HH’s do use Bash but so far BT seems to think it’s safe on their devices. Guess we’ll see if their “review” turns up anything.

  3. Avatar Hilary

    Where can you find out which BT HH’s use Bash? I’ve googled extensively and not yet found anything concrete?

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Hyperoptic £21.00 (*25.00)
    Avg. Speed 50Mbps, Unlimited
    Gift: £50 Shopping Voucher
  • TalkTalk £21.95 (*36.00)
    Avg. Speed 38Mbps, Unlimited
    Gift: None
  • xln telecom £22.74 (*47.94)
    Avg. Speed 66Mbps, Unlimited (FUP)
    Gift: None
  • Post Office £22.90 (*37.00)
    Avg. Speed 38Mbps, Unlimited
    Gift: None
  • Direct Save Telecom £22.95 (*29.95)
    Avg. Speed 35Mbps, Unlimited
    Gift: None
Prices inc. Line Rental | View All
The Top 20 Category Tags
  1. BT (2533)
  2. FTTP (2254)
  3. FTTC (1676)
  4. Building Digital UK (1616)
  5. Politics (1444)
  6. Openreach (1432)
  7. Business (1258)
  8. Statistics (1110)
  9. FTTH (1105)
  10. Mobile Broadband (1056)
  11. Fibre Optic (978)
  12. Ofcom Regulation (922)
  13. 4G (918)
  14. Wireless Internet (917)
  15. Virgin Media (870)
  16. EE (602)
  17. Sky Broadband (600)
  18. TalkTalk (586)
  19. Vodafone (532)
  20. 3G (417)
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact