Paul Vlissidis, a technical director for I.T. consultancy NCC Group, has criticised BT for failing to inform all of its customers about a serious security flaw in the operators 'BT Home Hub' broadband routers. The Wi-Fi based vulnerability itself does not appear to be anything new and was first reported earlier in the year (see bottom of news for related history).

However, Vlissidis is concerned by BT's attempts to play down the situation and its inability to directly inform all customers about the vulnerability. Speaking to The Telegraph newspaper, he said:


Mercifully fixing the flaw is a simple matter of changing the routers wireless security to WPA instead of WEP and altering the default password. It's also important to point out that this problem does not affect customers with version 1.5 or above of the router.

Unfortunately many of BT's customers are not tech savvy enough to do this and while a guide does exist on the operator’s site (here), many users may not be aware of its existence. BT continues to claim that the risk is being blown out of all proportion, though it is difficult to tell without knowing precisely how many customers are still vulnerable.

Related News History
15 April, 2008 - GNUCitizen Exposes More BT Home Hub Flaws
22 January, 2008 - UPDATE: GNUCitizen Uncovers BT Home Hub Vulnerability
23 October, 2007 - BT Total Broadband Closes Home Hub Vulnerability
09 October, 2007 - Researchers Expose BT Home Hub Security Flaw