BT has sealed a critical security hole in the Home Hub that offered hackers full control of the router, which is in about two million UK homes. The firm's latest update has kneecapped part of the router's firmware called Remote Assistance, which gives customer support staff admin rights to investigate problems. A BT spokesman …
When will they learn...
It has long been known that the way to stop security holes is to not have any services running unless they are absolutely necessary, and then really be on the ball.
Look at Win XP - the number of critical services hacks has been reduced substantially by the default enabling of the firewall in recent times, effectively preventing the services being visible from the net.
Services that are enabled by default are bad news. A router should look stealth on all ports by default, anything else is just begging for someone to start digging.
BT doesn't care about your network security
I recently asked how to set the Home Hub router in bridge mode so I could use a dedicated hardware firewall behind it.
It can be done but we won't tell you how - it will cost you £25 to phone our HomeItAdvisor who will tell you what to do.
If it didn't affect others, I sometimes wish I had a spam spewing zombie clogging up their bandwidth.
You think that's bad?
They usually leave the link unencrypted. I've even been to friends' houses to find that they've left the PC looking at their neighbor's wireless access point, and the subscriber's wireless open and unconfigured. Like they'd just plugged the boxes in, pointed it at the nearest unencrypted network, and waltzed off.
RE: You think that's bad?
Gordon, BT have shipped their routers with wireless encryption turned on by default for years now (only WEP, admittedly); unless the engineer went out of his way to turn it off then I doubt what you're saying is true.
As for leaving users' PCs pointing at the nearest unsecured network, that could happen I guess but I've never had a BT engineer round to install my (BT provided) networking equipment so I can't comment.
RE: BT doesn't care about your network security
What! You don't know how to do it? And you read The Register?
Ah yes, the Bestar problem strikes again
As the HomeHub is essentially the same router underneath its skin as the Bebox (which I had for a year whilst I was with Be*), I'm not surprised that this security hole was there.
I am surprised BT patched it though! Setting the router up in bridge mode is a doddle with the Bebox, someone published a custom template for it (see www.beforum.co.uk forums for more info), and I have a feeling it could be modified and adjusted for the BTHH setup as they're both similar routers (Speedtouches).
Personally, I wasn't vulnerable anyway
Jeez Louise, log in to the router via telnet, unlock the admin functions (BT locked them down after people started using HHs on other ISPs) using about five minutes of clue and some easy peasy priv escalation, (or google it if you really are that incapable) remove all privs from the RA role and all other BT supplied users, set up your own.
Safe as bloody houses. And about the second thing you should have done with a brand new wireless router after changing the encryption to WPA.
Seriously though, I have to agree, firstly WTF do BT think they're up to providing a remote admin login in the first place? Secondly, although I'm making out like it's just that easy, Joe Random User has little or no chance of realising that this kind of thing needs doing.
Bad BT!
Also, their web interface sucks a fat one, nice if they fixed that while they were busy.
RE: RE: BT doesn't care about your network security
Is it really the point whether a Register reader knows how to do it or not? As it happens I don't know and my google-fu is obviously weak so I would be grateful if you could tell me (here or give me a link). I tried looking at the beforum but the search is b0rking on me atm ( Exception Details: System.Data.SqlClient.SqlException: ).
And for everyone else who is not as technically savvy as you, or perhaps specialises in a different field than routers, should they pay the £25 to find out what should be a well documented procedure?
RE: RE: RE: BT doesn't care about your network security
Get a Thomson 7G CLI reference and manual (Thomson's website is a good place to start), then check out the Home Hub Hack wiki for how to unlock your CLI and get root access to the hub.
You should be able to work it out from there, assuming it's possible.
I'm not sure quite what makes you think this should be a well documented procedure, how many people want to use a consumer WiFi router as a bridge (as a percentage of total ownership, say)?
T'Other Steve: troll or Asperger's ubergeek???
To use the now infamous words: you decide!
@The Other Steve
Firstly, thanks for the link - I'll follow that up.
Secondly, perhaps I have been unclear. I see it as being something that should be well documented by an ISP for users willing to go the extra mile and install hardware to ensure the security of their network. I feel it is totally inappropriate that they will tell you "yes it can be done. No we won't tell you how to do it unless you spend more money with us".
I am more than happy to concede that this is information that could be left out of the manual shipped with every unit but making it a pay only resource is where I have problems.
Again - thanks for your help.
@AC RE (etc)
"I am more than happy to concede that this is information that could be left out of the manual shipped with every unit but making it a pay only resource is where I have problems."
Sorry, I missed a bit off my post where I castigated BT in sympathy. Must be the Asperger's kicking in :-)
Well out of order to make that a chargeable support issue.
Could be a bit of both.