If you rely on BT for high-speed internet or VoIP, there's a good chance a pair of UK-based researchers know how to enable a backdoor in your router that leaves you wide open to eavesdropping, caller spoofing and other nasty attacks.

The vulnerability resides in the BT Home Hub, one of the UK's most popular home routers, according to Adrian Pastor and Petko D. Petkov. A constellation of bugs in the router, which is made by Thomson/Alcatel, makes it possible to bypass the device's password authentication system and gain complete administrative control. All an attacker needs to do to exploit the weaknesses is lure the victim to a maliciously crafted website, according to this post on the GNUCitizen blog. The exploit doesn't require knowledge of the administrator password.

You're forgetting: it's not made by BT, they don't control the firmware, they just pay to have it branded. Alcatel / Thomson make and own the firmware, moan to them for an update.

You're lucky, I'm stuck with the crap they call an Orange Livebox, which gets an update every 50 years (give or take a year or so!) :P

Hopefully they will patch it. The good thing about the Home Hub is that it automatically updates. I hope they will sort out some other minor networking issues as well, like the completely random dropping of the DHCP stuff. I don't know the technical term.

It would be nice if they fixed the port forwarding too; mine seems to work for about 10 minutes before the port is closed and access to it is no longer available unless I restart the hub =/

This seems to mainly happen when I want to port forward for both UDP and TCP..

But BT doesn't seem to do what would be nice, do they?