Researchers Expose BT Home Hub Security Flaw
Posted: 09th Oct, 2007 By: MarkJ
UPDATE: BT has responded to state that they are investigating the claims and have also issued a new firmware update to improve security in a number of areas. It is not known whether this router update patches any of the vulnerabilities exposed below.
Customers of BT's Total Broadband service may be concerned to hear that researchers have exposed a vulnerability in the operators Home Hub router, which could allow an attacker to manipulate the connection.
The exploit potential was first revealed and detailed on the GNUCITIZEN website, which includes a rough video demonstration:
The group has reportedly contacted BT and Thomson to inform them of the vulnerabilities, yet isn't holding out much hope of a response after the last problem they exposed went without reply. It's believed the exploit will work on all Thomson/Alcatel Speedtouch 7G routers.
The situation is similar to one that cropped up with BeThere's Thomson/Alcatel's Speedtouch 780 routers earlier in the year, except in that situation the attacker needed to have the routers password. Some users never seem to change the default password and they were left exposed.
We hope that the added publicity makes BT more aware of the problem this time and able to respond.
Customers of BT's Total Broadband service may be concerned to hear that researchers have exposed a vulnerability in the operators Home Hub router, which could allow an attacker to manipulate the connection.
The exploit potential was first revealed and detailed on the GNUCITIZEN website, which includes a rough video demonstration:
So what can we do? Well, we can fully own the router remotely. At the moment we have three demo exploits which do the following:
* enable backdoor in order to control the router remotely
* disable wireless completely (can only be re-enabled if the user is technically capable)
* steal the WEP/WPA key
Of course there are other attacks you could launch! We can hijack any action with full admin privileges or steal any info returned by a routers page. This means evilness of the exploits are only limited by the attackers imagination. Other examples of evil attacks include evesdropping VoIP conversations (change sip config primproxyaddr statement in config file), stealing VoIP credentials, exposing internal hosts on the DMZ, change the DNS settings for stealing online banking credentials, disable auto updates (change cwmp.ini section in config file), etc.
* enable backdoor in order to control the router remotely
* disable wireless completely (can only be re-enabled if the user is technically capable)
* steal the WEP/WPA key
Of course there are other attacks you could launch! We can hijack any action with full admin privileges or steal any info returned by a routers page. This means evilness of the exploits are only limited by the attackers imagination. Other examples of evil attacks include evesdropping VoIP conversations (change sip config primproxyaddr statement in config file), stealing VoIP credentials, exposing internal hosts on the DMZ, change the DNS settings for stealing online banking credentials, disable auto updates (change cwmp.ini section in config file), etc.
The group has reportedly contacted BT and Thomson to inform them of the vulnerabilities, yet isn't holding out much hope of a response after the last problem they exposed went without reply. It's believed the exploit will work on all Thomson/Alcatel Speedtouch 7G routers.
The situation is similar to one that cropped up with BeThere's Thomson/Alcatel's Speedtouch 780 routers earlier in the year, except in that situation the attacker needed to have the routers password. Some users never seem to change the default password and they were left exposed.
We hope that the added publicity makes BT more aware of the problem this time and able to respond.
Latest UK ISP News
Cheap BIG ISPs for 100Mbps+
Community Fibre £21.00
Virgin Media £26.00
Shell Energy £26.99
Plusnet £27.99
Zen Internet £28.00 - 35.00
150,000+ Customers | View More ISPs
Cheapest ISPs for 100Mbps+
Modest Availability | View More ISPs
Latest UK ISP News
Cheap BIG ISPs for 100Mbps+
Community Fibre £21.00
Virgin Media £26.00
Shell Energy £26.99
Plusnet £27.99
Zen Internet £28.00 - 35.00
Large Availability | View All
Cheapest ISPs for 100Mbps+
Large Availability | View All
Helpful ISP Guides and Tips
Sponsored Links
The Top 15 Category Tags
- FTTP (5514)
- BT (3514)
- Politics (2536)
- Openreach (2297)
- Business (2262)
- Building Digital UK (2244)
- FTTC (2043)
- Mobile Broadband (1972)
- Statistics (1788)
- 4G (1663)
- Virgin Media (1619)
- Ofcom Regulation (1460)
- Fibre Optic (1395)
- Wireless Internet (1389)
- FTTH (1381)
Sponsored
Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules