Indeed, and here is some more information on that
"A soon to be released version of the PowerGrid DH-10PF Ethernet Adapter will also enable one of the main requirements of IPTV operators: a TR-069-compliant powerline adapter. These devices will allow operators to remotely manage every node installed in the network, perform firmware upgrades and access logged data among many other features. "Our service provider customers want to manage every node in the home network without modifying the home gateway or broadband router in any way. Every change made to a gateway or router could delay a deployment by several months, especially if the equipment has to be re-certified.", Harold Fitch stated. "
(That's from 2008)
And it was the DH-10P and DH-10PF models that were recalled. So at some point, these units have phoned into a Comtrend auto config server on BT's network, as described here :
So it isn't necesarily the hub that's peeking into your LAN, but the comtrend PLT's that are phoning out.
Then again, as the above poster says, most likely the hub is also TR069 compliant.
Something that isn't mentioned in the wikipedia article on TR069 ( http://en.wikipedia.org/wiki/TR-069 ), but is mentioned in the linked Comtrend document is the following :
"At any time, CT-ACS can request that a CPE initiate a connection to the CT-ACS using the Connection Request notification mechanism. By using the Connection Request, Comtrend ACS can ask the CPE to reboot or restore CPE settings to the factory defaults. Comtrend ACS can also send Grouping Connection Requests to all of the CPEs that belong to a certain CPE Group."
This is how BT update your HH firmware for example.
Can it do other stuff ? Oh hell yeah.
" For example, it can ask the CPE to ping an IP address or hostname and report the result of the ping test."
And so on.
So fuck yes, it's an issue, fuck yes, BT could be doing anything in your network that the the TR-069/CWMP setup allows them to do, and fuck yeah, we should be concerned.
However, this is a general issue regarding TR-069 management, not just specifically BT. Although they are asshats.
Any device that uses TR-069/CWMP does not belong to you unless you can switch it off. Any network you install such a device on, well, join the dots.
PS. Note particularly in the above quote "Our service provider customers want to manage every node in the home network without modifying the home gateway or broadband router in any way"
So just swapping out the hub is not going to solve the problem that your PLTs are ratting on you. I have never yet plugged my PLTs in. But I most certainly will be doing so now, into a machine with a network analyser running on it.
Oh, and this could all be wrong, could be some other mechanism. Glad to hear from anyone who knows better.