Full Fibre UK ISP Hyperoptic Fix Serious ZTE Router Security Flaw UPDATE

Wednesday, April 25th, 2018 (7:50 am)

Fibre optic broadband ISP Hyperoptic has patched a major security flaw in their ZTE-built H298N and H298A “HyperHub” routers, which could have allowed an attacker to remotely take over the device by using a simple phishing message and website link.

Apparently the problem was first spotted last year by security experts at Context Information Security, which shared some of their findings with consumer magazine Which?. The team discovered that Hyperoptic customers with the ZTE H298N router merely needed to click on the web link in a phishing message (email, website etc.) and a hacker could then gain full control of their router, which would have also enabled them to access the victim’s home network.

ZTE H298N Features

* Gigabit Ethernet uplink
* Maximum wireless speed up to 300Mbps
* Comprehensive VoIP services
* DHCP Server
* USB Host 2.0 for 3G dongle connection
* UPnP AV/DLNA for home media sharing
* IPv6 ready
* Robust TR069 remote management

Suffice to say that allowing a hacker to snoop on your home network, computers and personal data is not something that anybody would want. Alternatively the attacker could have also hijacked the device and turned it into another zombie member of a botnet, which could have been used to attack other internet users or servers. This would be particularly bad since Hyperoptic offer FTTP/B speeds of up to 1Gbps (fuel for DDoS).

The good news is that Hyperoptic has now issued a firmware patch to fix the significant flaw. The rollout completed on 23rd April 2018, hence today’s disclosure. Details of the exploit will no doubt surface, although we know that the fix included setting “new individual root passwords” for every router.

The same update has also been applied to the provider’s latest ZTE H298A router, which among other things adds faster AC spec WiFi (MIMO 2*2) that can support dual band wireless network speeds of up to 1200Mbps. However most of Hyperoptic’s subscribers will not yet be using this newer model as it only began to surface toward the end of last year (sometimes you can get swapped to it with a quick call).

Steve Holford, Hyperoptic’s Chief Customer Officer, said:

“Hyperoptic considers the security of customer data and connections to be our highest priority and we thank Which? for highlighting this particular issue.

As soon as we were made aware of the concern, we immediately changed the passwords to safeguard these devices, and we have been working together with our supplier to implement new security controls so that our customers can be confident the concern has now been resolved.

At this time we’re not aware of any customers impacted by the issue highlighted by Which?, but we wanted to invest in further securing our customers’ connection.”

The news comes hot on the heels of a separate announcement from the National Cyber Security Centre (NCSC), which last week warned UK telecoms and broadband operators of the “potential risks to the UK’s national security” of using hardware and services supplied by China’s ZTE.

However it’s important to put all of this into some context. Hackers are constantly targeting broadband routers (both those supplied by ISPs and third-party devices) and we’ve often had to report on serious security flaws with such devices, like when the Mirai malware (worm) infected a large number of routers used by TalkTalk, Post Office and other UK ISPs in 2016.

On top of that, Which?’s article wrongly claims that “Hyperoptic provides ultra-fast fibre broadband of up to 1Gbps to 400,000 homes,” which appears to confuse their premises passed (coverage) figure with actual subscribers, and as a result a couple of other media reports have misinterpreted this. So far as we are aware the ISP has a take-up rate of around 25% and so the actual subscriber figure should be closer to 100,000 (please correct us if wrong Hyperoptic).

Overall bad news days are something that Hyperoptic has generally managed to avoid and in this case we can at least be thankful for the fact that Context IS discovered the problem before hackers did, at least so far as we’re aware.

UPDATE 26th April 2018

The related security advisory is online and it adds a little extra detail: “The combination of a hardcoded root account and a DNS rebinding vulnerability allows an Internet-based attacker to compromise all customer routers of UK ISP Hyperoptic via a malicious webpage. The vulnerabilities are present on both “HyperHub” router models, the ZTE H298N and the newer ZTE H298A, affecting hundreds of thousands of devices.”
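The DNS rebinding half of that chain has two standard defences, sketched here as an added example that is not code from the advisory, ZTE or Hyperoptic: the router's admin interface rejects any request whose Host header is not one of its own names, and the LAN resolver drops answers that map a public name to a private address. The allowed names, the `.lan` suffix and the sample hosts are assumptions constructed for illustration.

```python
import ipaddress

# Assumed names/addresses the admin UI legitimately answers to
# (constructed for this example; not taken from the advisory).
ALLOWED_HOSTS = {"192.168.1.1", "router.lan"}

def split_host(host_header: str) -> str:
    """Return the lower-cased host part of a Host header, without port."""
    h = host_header.strip().lower()
    if h.startswith("["):              # bracketed IPv6 literal, e.g. [fe80::1]:80
        return h[1:h.find("]")] if "]" in h else ""
    if h.count(":") == 1:              # host:port
        h = h.split(":", 1)[0]
    return h.rstrip(".")               # "router.lan." equals "router.lan"

def host_allowed(host_header: str, allowed=ALLOWED_HOSTS) -> bool:
    """Admin-UI side: serve only requests addressed to our own names.
    A rebinding page reaches the router under the attacker's DNS name,
    so its requests carry that name in the Host header."""
    return split_host(host_header) in allowed

def is_rebind_answer(qname: str, answer: str, local_suffixes=(".lan",)) -> bool:
    """Resolver side: a non-local name that resolves to a private,
    loopback or link-local address is treated as rebinding and dropped."""
    name = qname.lower().rstrip(".")
    if any(name.endswith(s) for s in local_suffixes):
        return False
    ip = ipaddress.ip_address(answer)
    return ip.is_private or ip.is_loopback or ip.is_link_local

# Constructed sample Host headers, as a browser on the LAN might send them.
SAMPLES = ["192.168.1.1", "router.lan:80", "ROUTER.LAN.",
           "rebind.example.net", "192.168.1.1.example.net:80"]

def demo() -> dict:
    return {h: host_allowed(h) for h in SAMPLES}

if __name__ == "__main__":
    for host, ok in demo().items():
        print(f"{host:30} {'serve' if ok else 'reject (403)'}")
    print("drop DNS answer:", is_rebind_answer("rebind.example.net", "192.168.1.1"))
```

Neither check addresses the hardcoded root account; that is what the per-device root passwords in Hyperoptic's fix are for.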

1 Response
  1. Dr Alan Stacey says:

    I was supplied with this router by Hyperoptic in July 2017.
    Within an hour I had found out about the active root account and its hard-coded password.
    To be clear this is different from the normal admin account found on most routers, and has considerably higher access privileges.
    There was no indication in any of the supplied information such an account even existed.
    If I managed to find out about it in an hour, I am sure plenty of hackers knew as well. The fact Hyperoptic claim they didn’t know means they are lying or recklessly incompetent.
    For all I know there may be other backdoor accounts too. Hyperoptic simply don’t have the competence to make a judgement on this and overrule the clear warnings from NCSC and others, and it is scandalous that they haven’t told their customers to stop using these pieces of garbage.
    I swapped mine out for a real router within 24 hours of having the service installed and it’s not been connected since then.
