back to article BT battens down Home Hub backdoor

BT has sealed a critical security hole in the Home Hub that offered hackers full control of the router, which is in about two million UK homes. The firm's latest update has kneecapped part of the router's firmware called Remote Assistance, which gives customer support staff admin rights to investigate problems. A BT …


This topic is closed for new posts.
  1. Kris Chaplin
    Thumb Down

    When will they learn...

    It has long been known that the way to stop security holes is to not have any services running unless they are absolutely necessary, and then really be on the ball.

    Look at Win XP - the number of critical services hacks has been reduced substantially by the default enabling of the firewall in recent times, effectively preventing the services being visible from the net.

    Services that are enabled by default are bad news. A router should look stealth on all ports by default, anything else is just begging for someone to start digging.

  2. Anonymous Coward

    Bt doesn't care about your network security

    I recently asked how to set the Home Hub router in bridge mode so I could use a dedicated hardware firewall behind it.

    Their response?

    It can be done but we won't tell you how - it will cost you £25 to phone our HomeItAdvisor who will tell you what to do.

    If it didn't affect others, I sometimes wish I had a spam spewing zombie clogging up their bandwidth.

  3. Gordon

    You think that's bad?

    They usually leave the link unencrypted. I've even been to friends houses to find that they've left the PC looking at their neighbors wireless access point, and the subscribers wireless open and unconfigured. Like they'd just plugged the boxes in, pointed it at the nearest unencrypted network, and waltzed off.

    Awfull service.

  4. Chris Wood

    RE: You think that's bad?

    Gordon, BT have shipped their routers with wireless encryption turned on by default for years now (only WEP, admittedly); unless the engineer went out of his way to turn it off then I doubt what you're saying is true.

    As for leaving user's PCs pointing at the nearest unsecured network, that could happen I guess but I've never had a BT engineer round to install my (BT provided) networking equipment so I can't comment.

  5. Anonymous Coward
    Anonymous Coward

    RE: Bt doesn't care about your network security

    What! You don't know how to do it? And you read The Register?

  6. Christopher Woods

    Ah yes, the Bestar problem strikes again

    As the HomeHub is essentially the same router underneath its skin as the Bebox (which I had for a year whilst I was with Be*), I'm not surprised that this security hole was there.

    I am surprised BT patched it though! Setting the router up in bridge mode is a doddle with the Bebox, someone published a custom template for it (see forums for more info), and I have a feeling it could be modified and adjusted for the BTHH setup as they're both similar routers (Speedtouches).

  7. The Other Steve

    Personally, I wasn't vulnerable anyway

    Jeez Louise, log in to the router via telnet, unlock the admin functions (BT locked them down after people started using HHs on other ISPs) using about five minutes of clue and some easy peasy priv escalation, (or google it if you really are that incapable) remove all privs from the RA role and all other BT supplied users, set up your own.

    Safe as bloody houses. And about the second thing you should have done with a brand new wireless router after changing the encryption to WPA.

    Seriously though, I have to agree, firstly WTF do BT think they're up to providing a remote admin login in the first place ? Secondly, although I'm making out like it's just that easy, Joe Random User has little or no chance of realising that this kind of thing needs doing.

    Bad BT !

    Also, their web interface sucks a fat one, nice if they fixed that while they were busy.

  8. Anonymous Coward
    Anonymous Coward

    RE: RE: Bt doesn't care about your network security

    Is it really the point whether a Register reader knows how to do it or not? As it happens I don't know and my google-fu is obviously weak so I would be grateful if you could tell me (here or give me a link). I tried looking at the beforum but the search is b0rking on me atm ( Exception Details: System.Data.SqlClient.SqlException: ).

    And for everyone else who is not as technically savvy as you, or perhaps specialises in a different field than routers, should they pay the £25 to find out what should be a well documented procedure?

  9. The Other Steve

    RE :RE: RE: Bt doesn't care about your network security

    Get a Thompson 7G CLI reference and manual (Thompson's website is a good place to start), then check out the Home Hub Hack wiki for how to unlock your CLI and get root access to the hub

    You should be able to work it out from there, assuming it's possible.

    I'm not sure quite what makes you think this should be a well documented procedure, how many people want to use a consumer WiFi router as a bridge (as a percentage of total ownership, say) ?

  10. Dave

    T'Other Steve: troll or Asperger's ubergeek???

    to use the now infamous words: you decide!

  11. Anonymous Coward
    Thumb Up

    @The Other Steve

    Firstly, thanks for the link - I'll follow that up.

    Secondly, perhaps I have been unclear. I see it as being something that should be well documented by an ISP for users willing to go the extra mile and install hardware to ensure the security of their network. I feel it is totally inappropriate that they will tell you "yes it can be done. No we won't tell you how to do it unless you spend more money with us".

    I am more than happy to concede that this is information that could be left out of the manual shipped with every unit but making it a pay only resource is where I have problems.

    Again - thanks for your help.

  12. The Other Steve
    Thumb Up

    @AC RE (etc)

    "I am more than happy to concede that this is information that could be left out of the manual shipped with every unit but making it a pay only resource is where I have problems."

    Sorry, I missed a bit off my post here I castigated BT in sympathy. Must be the Aspergers kicking in :-)

    Well out of order to make that a chargeable support issue.


    Could be a bit of both.

This topic is closed for new posts.