* Posts by darren saunders

1 post • joined 19 Oct 2007

BT home router wide open to hijackers

darren saunders
Happy

Fix for the hack maybe?

Found a hacking site using the college network that explained the BT Homehub hack. Basically they use a site to trick the router into turning on remote assistance somehow. There is a video of a guy exploiting the hack but they do not describe the website code.

Anyway after a bit of research I have discovered how to disable remote assistance on the BT HomeHub completely thus rendering the exploit impossible and securing your router from BT or whoever else.

Basically you cannot go wrong with this lockdown I am about to describe. Pass it on to anyone with the Hub;)

So step one: Download HubFirmwareRecovery_6226.zip from

http://static.btopenworld.com/broadband/adhoc_pages/drivers/HubFirmwareRecovery_6226.zip

or find it on Google yourself! This will allow you to recover the hub with the latest firmware if you f&ck up! If you have to use this remember to make sure your PC is using a FIXED IP address and not a DHCP assigned one from the router before applying the firmware!!!

OK so basically we are going to use remote assistance once to save our config so we can make the changes that will disable remote admin for good but ALSO allow you full SuperUser rights in future so you can download your config every now and again to check if anything has changed or to restore it if you ever need to.

So use remote assistance to log in via the WAN IP and save your config...

When it is saved, open it in Notepad and find a section like the fragment below:

[ mlpuser.ini ]

add name=admin password=_CYP_blahblahblah role=SuperUser hash2=blahblahblah

add name=Basic password=_CYP_blahblahblahe role=BT_Basic_GUI_User hash2=blahahahahaha defuser=enabled

add name=tech password=_CYP_blahblahblah role=TechnicalSupport hash2=blahahahahahahaha

(Obviously yours won't be blahblahblahblah :>)

Notice that I have changed Administrator to SuperUser on the admin user giving the admin account full root access!!!

Also notice the absence of defremadmin=enabled from the tech user!!!

Make the changes and save the file.

Now upload the new config back into the router. Be patient!!!!!!

Reboot the router and login. You may have to try switching it off and back on again ;) (had to get that in somewhere)

Now when you go to advanced you can see all the backup and restore functions as well as the usual stuff.

Also when you try to set up remote assistance you will notice that it is disabled and thus stops the backdoor hack (I hope).

When BT upload new firmware to your Hub it will hopefully be fixed anyway but if not you can just repeat the process. Don't forget that if anything goes wrong you can easily put the hub back to defaults by reflashing with HubFirmwareRecovery_6226.zip and restoring your config using remote assistance. I have done this with no problems. Of course you will need to set the phone back up.
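An added example, not part of the original post: a small Python check for the "download your config every now and again to check if anything has changed" step, which lists accounts that carry defremadmin=enabled and diffs the user entries of two saved backups. It assumes the backup is plain text with `[ name.ini ]` section headers and `add key=value ...` lines as in the fragment above; the sample backups, the `example.ini` section and all function names are constructed for illustration.

```python
import re

SECRET_KEYS = {"password", "hash2"}  # never echo credential material

def parse_users(config_text, section="mlpuser.ini"):
    """Return {name: {key: value}} from 'add ...' lines inside [ section ]."""
    users, in_section = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:  # a new section header ends the previous section
            in_section = header.group(1) == section
        elif in_section and line.startswith("add "):
            fields = dict(t.split("=", 1) for t in line.split()[1:] if "=" in t)
            if "name" in fields:
                users[fields["name"]] = fields
    return users

def remote_admin_users(users):
    """Names of accounts that still carry defremadmin=enabled."""
    return sorted(n for n, f in users.items() if f.get("defremadmin") == "enabled")

def diff_users(baseline, current):
    """List account-level differences between two saved configs."""
    changes = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None or new is None:
            changes.append(f"user {'added' if old is None else 'removed'}: {name}")
            continue
        for key in sorted(set(old) | set(new)):
            if old.get(key) != new.get(key):
                shown = "(hidden)" if key in SECRET_KEYS else f"{old.get(key)!r} -> {new.get(key)!r}"
                changes.append(f"{name}: {key} {shown}")
    return changes

# Constructed sample backups (placeholder values, not from a real hub).
BASELINE = """[ mlpuser.ini ]
add name=admin password=_CYP_aaaa role=SuperUser hash2=bbbb
add name=Basic password=_CYP_cccc role=BT_Basic_GUI_User hash2=dddd defuser=enabled
add name=tech password=_CYP_eeee role=TechnicalSupport hash2=ffff
[ example.ini ]
add name=ignored defremadmin=enabled
"""
LATER = BASELINE.replace("hash2=ffff", "hash2=ffff defremadmin=enabled")

if __name__ == "__main__":
    print("remote admin enabled for:", remote_admin_users(parse_users(LATER)))
    for change in diff_users(parse_users(BASELINE), parse_users(LATER)):
        print("changed:", change)
```

Keeping the locked-down backup as the baseline and running the comparison against a fresh backup after each firmware update shows whether the tech account's flag or the admin role has been put back.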


Biting the hand that feeds IT © 1998–2021