4 Year Old WPS Security Flaw Still Affecting TalkTalk UK ISP Router UPDATE
One of the older D-Link based ADSL2+ broadband routers from UK ISP TalkTalk has been found to still be vulnerable to a security exploit, which was first notified to the provider all the way back in 2014. This enables a hacker to gain access to your wireless (WiFi) network by sniffing out the WPS password.
According to a new security advisory from IndigoFuzz (bonus credits to The Register for spotting), the Wi-Fi Protected Setup (WPS) feature on the D-Link (RT2860 chipset) router is insecure and always-on (even if the WPS pairing button is not used).
As a result all it takes is for somebody within range of the wireless signal to use a common hacking tool in order to automatically probe the network and uncover its password, which all happens in the space of a few seconds.
IndigoFuzz Statement
This method has proven successful on multiple TalkTalk Super Routers belonging to consenting parties which is enough to suggest that this vulnerability affects all TalkTalk Super Routers of this particular model/version.
TalkTalk have been notified of this vulnerability in the past and have failed to patch it many years later. It is also documented across various community forums. Links:
Contrary to the above statement we do not believe that the aforementioned router is one of TalkTalk’s more modern VDSL2 equipped “Super Routers“, as this term tends to only be used when referencing their Huawei HG633, HG635 or the D-Link 3782 device (the latter was released in 2017). At present it is not known how many of their customers still use the older RT2860 based D-Link kit (the model number isn’t stated).
Admittedly back in 2014 TalkTalk’s approach to security was somewhat more lax than it is today and things didn’t really improve until after the 2015 cyber-attack on their website (here), which sent their reputation and customer base into free fall for awhile.
One small upside to this case is that their older router didn’t deliver a particularly good WiFi signal in the first place and as a result the hacker would have needed to be practically inside your house in order to gain a stable connection. At the time of writing TalkTalk has not provided a comment but we will update once they do.
UPDATE 4:58pm
After a long wait TalkTalk has issued the following statement.
A TalkTalk Spokesperson told ISPreview.co.uk:
“We’re aware of the reported issue affecting some older routers that means in some rare circumstances, a third party could potentially access the gateway’s wireless network password. We work closely with equipment suppliers to ensure that models that may be vulnerable are patched as part of a routine update and maintenance programme.”
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook and Linkedin.
« Challenges as UK ISPs Start Advertising Average Broadband Speeds
Latest UK ISP News
- FTTP (5515)
- BT (3514)
- Politics (2537)
- Openreach (2297)
- Business (2262)
- Building Digital UK (2244)
- FTTC (2043)
- Mobile Broadband (1973)
- Statistics (1788)
- 4G (1664)
- Virgin Media (1619)
- Ofcom Regulation (1461)
- Fibre Optic (1395)
- Wireless Internet (1389)
- FTTH (1381)
Talk talk are the worst company I have ever dealt with, super fiver is a joke, I was getting faster speeds with my previous provider on normal broadband and despit repeated emails they keep sending the same bumf, i.e. check your filter check your devices,reset your router etc, these are always the first things anyone with broadband does, not once have I been able to talk to an actual person despite request respected every week, I once copied and pasted different speed test results by email and got sent the standard check your filter nonsense, I wouldn’t recommend anyone signs up with them AT ALL TERRIBLE CUSTOMER SERVICE YERRIBLE SPEEDS YERRIBLE EVERYTHING.
YERRIBLE POST 😀
I love the update they’ve given. Talk about cookie cutter stock statements. Work closely with… patch… routine. Yes, but not for 4 years. So not patched, not working closely with and not routine at all really then?
The model in question is a 3780.
I think the router default username and password is ‘admin’
Which makes gaining access to the admin control panel real easy for an outsider.
Can’t recall if you can setup dns on this router but that would spell disaster for anyone that did get hacked.
I wish all the telcos would stop including wps enabled by default it’s such a weak link. Along with uPnP.
Its October 2018 now, nearly the end of this year.
And to everyone’s great surprise, this exploit is still out there in the wild.
It is related to the default password and worst yet:
The login panel it’s self is vulnerable to both Wireshark and Clickjacking.
I personally, am nearing the end of a nightmare subscription on the lowest package they have available. I will be striking back by waiting to the end of my subscription, and taking them to a small claims court.
I suggest everyone else does the same as, it’s almost impossible to fail with the wealth of evidence we can accrue against them – and anyone who has used this service will understand: You’ll still be salty about the service you were put through even if it all gets refunded.