Posted: 26th May, 2008 By: MarkJ
Paul Vlissidis, a technical director for I.T. consultancy NCC Group, has criticised BT for failing to inform all of its customers about a serious security flaw in the operators '
BT Home Hub' broadband routers. The
Wi-Fi based vulnerability itself does not appear to be anything new and was first reported earlier in the year (see bottom of news for related history).
However, Vlissidis is concerned by BT's attempts to play down the situation and its inability to directly inform all customers about the vulnerability. Speaking to
The Telegraph newspaper, he said:
"All the bad guys know about this," warned Mr Vlissidis. "It is very widely published on the internet and the software is very easy to get hold of. The only people that don't seem to be aware are the customers of the networks."
"I'm concerned that BT seems to be telling people this is a theoretical vulnerability. It's not theoretical at all. This is not something that we just thought up, it is something you can do."
Mercifully fixing the flaw is a simple matter of changing the routers wireless security to WPA instead of WEP and altering the default password. It's also important to point out that this problem does not affect customers with version 1.5 or above of the router.
Unfortunately many of BT's customers are not tech savvy enough to do this and while a guide does exist on the operators site (
here), many users may not be aware of its existence. BT continues to claim that the risk is being blown out of all proportion, though it is difficult to tell without knowing precisely how many customers are still vulnerable.
Related News History15 April, 2008 - GNUCitizen Exposes More BT Home Hub Flaws22 January, 2008 - UPDATE: GNUCitizen Uncovers BT Home Hub Vulnerability23 October, 2007 - BT Total Broadband Closes Home Hub Vulnerability09 October, 2007 - Researchers Expose BT Home Hub Security Flaw