Home » 

UK ISP News Archives

Sponsored Links

Researchers Expose BT Home Hub Security Flaw

Posted: 09th Oct, 2007 By: MarkJ
UPDATE: BT has responded to state that they are investigating the claims and have also issued a new firmware update to improve security in a number of areas. It is not known whether this router update patches any of the vulnerabilities exposed below.

Customers of BT's Total Broadband service may be concerned to hear that researchers have exposed a vulnerability in the operators Home Hub router, which could allow an attacker to manipulate the connection.

The exploit potential was first revealed and detailed on the GNUCITIZEN website, which includes a rough video demonstration:

So what can we do? Well, we can fully own the router remotely. At the moment we have three demo exploits which do the following:

* enable backdoor in order to control the router remotely

* disable wireless completely (can only be re-enabled if the user is technically capable)

* steal the WEP/WPA key

Of course there are other attacks you could launch! We can hijack any action with full admin privileges or steal any info returned by a router’s page. This means evilness of the exploits are only limited by the attacker’s imagination. Other examples of evil attacks include evesdropping VoIP conversations (change ’sip config primproxyaddr’ statement in config file), stealing VoIP credentials, exposing internal hosts on the DMZ, change the DNS settings for stealing online banking credentials, disable auto updates (change ‘cwmp.ini’ section in config file), etc.

The group has reportedly contacted BT and Thomson to inform them of the vulnerabilities, yet isn't holding out much hope of a response after the last problem they exposed went without reply. It's believed the exploit will work on all Thomson/Alcatel Speedtouch 7G routers.

The situation is similar to one that cropped up with BeThere's Thomson/Alcatel's Speedtouch 780 routers earlier in the year, except in that situation the attacker needed to have the routers password. Some users never seem to change the default password and they were left exposed.

We hope that the added publicity makes BT more aware of the problem this time and able to respond.
Search ISP News
Search ISP Listings
Search ISP Reviews
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
Gift: None
NOW £25.00
Gift: None
Virgin Media UK ISP Logo
Virgin Media £26.00
Gift: None
Vodafone UK ISP Logo
Vodafone £26.50 - 27.00
Gift: None
Plusnet UK ISP Logo
Plusnet £27.99
Gift: None
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
Gift: None
Community Fibre UK ISP Logo
Gift: None
BeFibre UK ISP Logo
BeFibre £19.00
Gift: None
YouFibre UK ISP Logo
YouFibre £22.99
Gift: None
Hey! Broadband UK ISP Logo
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (5710)
  2. BT (3564)
  3. Politics (2596)
  4. Openreach (2340)
  5. Business (2320)
  6. Building Digital UK (2274)
  7. FTTC (2060)
  8. Mobile Broadband (2038)
  9. Statistics (1829)
  10. 4G (1723)
  11. Virgin Media (1673)
  12. Ofcom Regulation (1491)
  13. Fibre Optic (1423)
  14. Wireless Internet (1416)
  15. FTTH (1383)

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules