Researchers expose BT home hub security flaw

Customers of BT's Total Broadband service may be concerned to hear that researchers have exposed a vulnerability in the operator's Home Hub router, which could allow an attacker to manipulate the connection.

So what can we do? Well, we can fully own the router remotely. At the moment we have three demo exploits which do the following:

* enable backdoor in order to control the router remotely

* disable wireless completely (can only be re-enabled if the user is technically capable)

* steal the WEP/WPA key

Of course there are other attacks you could launch! We can hijack any action with full admin privileges or steal any info returned by a router’s page. This means the evilness of the exploits is only limited by the attacker’s imagination. Other examples of evil attacks include eavesdropping VoIP conversations (change ‘sip config primproxyaddr’ statement in config file), stealing VoIP credentials, exposing internal hosts on the DMZ, changing the DNS settings for stealing online banking credentials, disabling auto updates (change ‘cwmp.ini’ section in config file), etc.

The group has reportedly contacted BT and Thomson to inform them of the vulnerabilities, yet isn't holding out much hope of a response after the last problem they exposed went without reply. It's believed the exploit will work on all Thomson/Alcatel Speedtouch 7G routers.

The situation is similar to one that cropped up with BeThere's Thomson/Alcatel Speedtouch 780 routers earlier in the year, except in that situation the attacker needed to have the router's password. Some users never seem to change the default password, and they were left exposed.

We hope that the added publicity makes BT more aware of the problem this time and able to respond.
