Researchers Expose BT Home Hub Security Flaw

Posted: 09th Oct, 2007 By: MarkJ
UPDATE: BT has responded to state that they are investigating the claims and have also issued a new firmware update to improve security in a number of areas. It is not known whether this router update patches any of the vulnerabilities exposed below.

Customers of BT's Total Broadband service may be concerned to hear that researchers have exposed a vulnerability in the operator's Home Hub router, which could allow an attacker to manipulate the connection.

The exploit potential was first revealed and detailed on the GNUCITIZEN website, which includes a rough video demonstration:

So what can we do? Well, we can fully own the router remotely. At the moment we have three demo exploits which do the following:

* enable backdoor in order to control the router remotely

* disable wireless completely (can only be re-enabled if the user is technically capable)

* steal the WEP/WPA key

Of course there are other attacks you could launch! We can hijack any action with full admin privileges or steal any info returned by a router’s page. This means the evilness of the exploits is only limited by the attacker’s imagination. Other examples of evil attacks include eavesdropping VoIP conversations (change ‘sip config primproxyaddr’ statement in config file), stealing VoIP credentials, exposing internal hosts on the DMZ, change the DNS settings for stealing online banking credentials, disable auto updates (change ‘cwmp.ini’ section in config file), etc.

The group has reportedly contacted BT and Thomson to inform them of the vulnerabilities, yet isn't holding out much hope of a response after the last problem they exposed went without reply. It's believed the exploit will work on all Thomson/Alcatel Speedtouch 7G routers.

The situation is similar to one that cropped up with BeThere's Thomson/Alcatel Speedtouch 780 routers earlier in the year, except that in that case the attacker needed to have the router's password. Some users never seem to change the default password and they were left exposed.

We hope that the added publicity makes BT more aware of the problem this time and able to respond.
Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules