4 Year Old WPS Security Flaw Still Affecting TalkTalk UK ISP Router UPDATE

One of the older D-Link based ADSL2+ broadband routers from UK ISP TalkTalk has been found to still be vulnerable to a security exploit, which was first notified to the provider all the way back in 2014. This enables a hacker to gain access to your wireless (WiFi) network by sniffing out the WPS password.

According to a new security advisory from IndigoFuzz (bonus credits to The Register for spotting), the Wi-Fi Protected Setup (WPS) feature on the D-Link (RT2860 chipset) router is insecure and always-on (even if the WPS pairing button is not used).

As a result all it takes is for somebody within range of the wireless signal to use a common hacking tool in order to automatically probe the network and uncover its password, which all happens in the space of a few seconds.

IndigoFuzz Statement

This method has proven successful on multiple TalkTalk Super Routers belonging to consenting parties which is enough to suggest that this vulnerability affects all TalkTalk Super Routers of this particular model/version.

TalkTalk have been notified of this vulnerability in the past and have failed to patch it many years later. It is also documented across various community forums. Links:

• 2014 TalkTalk Forum Post: D-Link RT2860 [Security issue]
• 2014 BroadbandBanter Forum Post: TalkTalk DSL-3680 WPS security vulnerability
• 2016 Hashkiller Forum Post: WPA Packet Cracking – TalkTalk

Contrary to the above statement we do not believe that the aforementioned router is one of TalkTalk’s more modern VDSL2 equipped “Super Routers“, as this term tends to only be used when referencing their Huawei HG633, HG635 or the D-Link 3782 device (the latter was released in 2017). At present it is not known how many of their customers still use the older RT2860 based D-Link kit (the model number isn’t stated).

Admittedly back in 2014 TalkTalk’s approach to security was somewhat more lax than it is today and things didn’t really improve until after the 2015 cyber-attack on their website (here), which sent their reputation and customer base into free fall for awhile.

One small upside to this case is that their older router didn’t deliver a particularly good WiFi signal in the first place and as a result the hacker would have needed to be practically inside your house in order to gain a stable connection. At the time of writing TalkTalk has not provided a comment but we will update once they do.

UPDATE 4:58pm

After a long wait TalkTalk has issued the following statement.

A TalkTalk Spokesperson told ISPreview.co.uk:

“We’re aware of the reported issue affecting some older routers that means in some rare circumstances, a third party could potentially access the gateway’s wireless network password. We work closely with equipment suppliers to ensure that models that may be vulnerable are patched as part of a routine update and maintenance programme.”