
4 Year Old WPS Security Flaw Still Affecting TalkTalk UK ISP Router UPDATE

Wednesday, May 23rd, 2018 (7:49 am) - Score 5,078

One of the older D-Link based ADSL2+ broadband routers from UK ISP TalkTalk has been found to still be vulnerable to a security exploit that was first reported to the provider all the way back in 2014. The flaw enables a hacker to gain access to your wireless (WiFi) network by sniffing out the WPS password.

According to a new security advisory from IndigoFuzz (bonus credits to The Register for spotting), the Wi-Fi Protected Setup (WPS) feature on the D-Link (RT2860 chipset) router is insecure and always-on (even if the WPS pairing button is not used).

As a result, all it takes is for somebody within range of the wireless signal to use a common hacking tool to automatically probe the network and uncover its password, all in the space of a few seconds.


IndigoFuzz Statement

This method has proven successful on multiple TalkTalk Super Routers belonging to consenting parties which is enough to suggest that this vulnerability affects all TalkTalk Super Routers of this particular model/version.

TalkTalk have been notified of this vulnerability in the past and have failed to patch it many years later. It is also documented across various community forums. Links:

Contrary to the above statement we do not believe that the aforementioned router is one of TalkTalk’s more modern VDSL2 equipped “Super Routers“, as this term tends to only be used when referencing their Huawei HG633, HG635 or the D-Link 3782 device (the latter was released in 2017). At present it is not known how many of their customers still use the older RT2860 based D-Link kit (the model number isn’t stated).

Admittedly, back in 2014 TalkTalk’s approach to security was somewhat more lax than it is today, and things didn’t really improve until after the 2015 cyber-attack on their website, which sent their reputation and customer base into free fall for a while.

One small upside to this case is that their older router didn’t deliver a particularly good WiFi signal in the first place and as a result the hacker would have needed to be practically inside your house in order to gain a stable connection. At the time of writing TalkTalk has not provided a comment but we will update once they do.

UPDATE 4:58pm


After a long wait TalkTalk has issued the following statement.

A TalkTalk Spokesperson told ISPreview.co.uk:

“We’re aware of the reported issue affecting some older routers that means in some rare circumstances, a third party could potentially access the gateway’s wireless network password. We work closely with equipment suppliers to ensure that models that may be vulnerable are patched as part of a routine update and maintenance programme.”

By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments.
Comments
5 Responses


  1. EDDIE Miller says:

    Talk talk are the worst company I have ever dealt with, super fiver is a joke, I was getting faster speeds with my previous provider on normal broadband and despite repeated emails they keep sending the same bumf, i.e. check your filter check your devices, reset your router etc, these are always the first things anyone with broadband does, not once have I been able to talk to an actual person despite request respected every week, I once copied and pasted different speed test results by email and got sent the standard check your filter nonsense, I wouldn’t recommend anyone signs up with them AT ALL TERRIBLE CUSTOMER SERVICE YERRIBLE SPEEDS YERRIBLE EVERYTHING.

  2. Alan says:

    YERRIBLE POST 😀

  3. Steve says:

    I love the update they’ve given. Talk about cookie cutter stock statements. Work closely with… patch… routine. Yes, but not for 4 years. So not patched, not working closely with and not routine at all really then?

  4. Stuart says:

    The model in question is a 3780.
    I think the router default username and password is ‘admin’
    Which makes gaining access to the admin control panel real easy for an outsider.
    Can’t recall if you can setup dns on this router but that would spell disaster for anyone that did get hacked.
    I wish all the telcos would stop including wps enabled by default it’s such a weak link. Along with uPnP.

  5. Meena Yabbot says:

    It’s October 2018 now, nearly the end of this year.
    And to everyone’s great surprise, this exploit is still out there in the wild.

    It is related to the default password and worse yet:
    The login panel itself is vulnerable to both Wireshark and Clickjacking.

    I personally, am nearing the end of a nightmare subscription on the lowest package they have available. I will be striking back by waiting to the end of my subscription, and taking them to a small claims court.

    I suggest everyone else does the same, as it’s almost impossible to fail with the wealth of evidence we can accrue against them – and anyone who has used this service will understand: You’ll still be salty about the service you were put through even if it all gets refunded.
