The Register

Reg Hardware

BT home router wide open to hijackers

If you rely on BT for high-speed internet or VoIP, there's a good chance a pair of UK-based researchers know how to enable a backdoor in your router that leaves you wide open to eavesdropping, caller spoofing and other nasty attacks. The vulnerability resides in the BT Home Hub, one of the UK's most popular home routers, …

This topic is closed for new posts.

Clues

Hiding or at least changing the name of your SSID, at least makes it a little bit harder for someone trying to get in. I mean, if you ID a sky router, you've only then got to try admin:sky and you're in. Then again, it wouldn't take long to try all the default user:pass combos that the manufacturers use.

Fair comment Bracken, although most broadband users now have wi-fi, whether they have a laptop or not, so your average thief is not getting any significant intel.

Slander

Perhaps a little more monitoring of the messages posted here is called for.

Re: I'm sorry.

"I know this hole has nothing to do with WiFi, but I felt it prudent to mention that the Home Hub uses WEP by default, I consider it another, even bigger hole."

Theoretically bigger, but in reality I doubt it's that much of an issue.

How many people actually have wardrivers going past their house or geeky neighbours with enough knowledge to crack a WEP WiFi connection? I bet it's a very tiny amount (probably the same as the percentage of Linux users vs Windows, given that it's generally Linux tools used to crack it. Likely smaller than that as only a small percentage of Linux users will be interested in hacking WiFi).

The hole in the article however entices your average, not too clued up technically, user (the vast majority), into a malicious site. I bet this is a far greater risk. Of course the same people are also at risk of viruses, trojans, malware and fraud scams, regardless of having BT equipment.

Happy

Fix for the hack maybe?

Found a hacking site using the college network that explained the BT Homehub hack. Basically they use a site to trick the router into turning on remote assistance somehow. There is a video of a guy exploiting the hack but they do not describe the website code.

Anyway after a bit of research I have discovered how to disable remote assistance on the BT HomeHub completely thus rendering the exploit impossible and securing your router from BT or whoever else.

Basically you cannot go wrong with this lockdown I am about to describe. Pass it on to anyone with the Hub;)

So step one: Download HubFirmwareRecovery_6226.zip from

http://static.btopenworld.com/broadband/adhoc_pages/drivers/HubFirmwareRecovery_6226.zip

or find it on Google yourself! This will allow you to recover the hub with the latest firmware if you f&ck up! If you have to use this remember to make sure your PC is using a FIXED IP address and not a DHCP assigned one from the router before applying the firmware!!!

OK so basically we are going to use remote assistance once to save our config so we can make the changes that will disable remote admin for good but ALSO allow you full SuperUser rights in future so you can download your config every now and again to check if anything has changed or to restore it if you ever need to.

So use remote assistance to log in via the WAN IP and save your config...

When it is saved, open it in Notepad and find a section like the fragment below:

[ mlpuser.ini ]

add name=admin password=_CYP_blahblahblah role=SuperUser hash2=blahblahblah

add name=Basic password=_CYP_blahblahblahe role=BT_Basic_GUI_User hash2=blahahahahaha defuser=enabled

add name=tech password=_CYP_blahblahblah role=TechnicalSupport hash2=blahahahahahahaha

(Obviously yours won't be blahblahblahblah :>)

Notice that I have changed Administrator to SuperUser on the admin user giving the admin account full root access!!!

Also notice the absence of defremadmin=enabled from the tech user!!!

Make the changes and save the file.

Now upload the new config back into the router. Be patient!!!!!!

Reboot the router and log in. You may have to try switching it off and back on again ;) (had to get that in somewhere)

Now when you go to advanced you can see all the backup and restore functions as well as the usual stuff.

Also when you try to set up remote assistance you will notice that it is disabled and thus stops the backdoor hack (I hope).

When BT upload new firmware to your Hub it will hopefully be fixed anyway but if not you can just repeat the process. Don't forget that if anything goes wrong you can easily put the hub back to defaults by reflashing with HubFirmwareRecovery_6226.zip and restoring your config using remote assistance. I have done this with no problems. Of course you will need to set the phone back up.
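
An added example, not part of the original post or any BT tooling: a Python sketch that audits a saved Hub config backup for the settings the post above edits by hand, listing users that still carry defremadmin=enabled and reporting which user fields differ between two backups. It assumes each section starts with a "[ name ]" header line and that values contain no spaces; the sample config is constructed and uses placeholder values.

```python
import re

# Constructed sample in the layout the post shows; all values are placeholders.
SAMPLE_CONFIG = """\
[ mlpuser.ini ]
add name=admin password=_CYP_placeholder1 role=Administrator hash2=placeholder1
add name=Basic password=_CYP_placeholder2 role=BT_Basic_GUI_User hash2=placeholder2 defuser=enabled
add name=tech password=_CYP_placeholder3 role=TechnicalSupport hash2=placeholder3 defremadmin=enabled

[ other.ini ]
add name=ignored defremadmin=enabled
"""

# Assumption: every section begins with a "[ name ]" line, as in the post's fragment.
SECTION_RE = re.compile(r"^\[\s*([^\]]+?)\s*\]$")


def parse_users(config_text, section="mlpuser.ini"):
    """Map user name -> key=value fields for each 'add' line in the section."""
    users, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif current == section and line.startswith("add "):
            # Assumption: values contain no whitespace.
            fields = dict(t.split("=", 1) for t in line.split()[1:] if "=" in t)
            if "name" in fields:
                users[fields["name"]] = fields
    return users


def remote_admin_users(config_text):
    """Names of users that still have defremadmin=enabled."""
    users = parse_users(config_text)
    return sorted(n for n, f in users.items() if f.get("defremadmin") == "enabled")


def changed_users(old_text, new_text):
    """Map user name -> sorted field names that differ between two backups."""
    old, new = parse_users(old_text), parse_users(new_text)
    diff = {}
    for name in sorted(set(old) | set(new)):
        a, b = old.get(name, {}), new.get(name, {})
        keys = sorted(k for k in set(a) | set(b) if a.get(k) != b.get(k))
        if keys:
            diff[name] = keys
    return diff


if __name__ == "__main__":
    print("remote admin still enabled for:", remote_admin_users(SAMPLE_CONFIG))
```

Running changed_users against a backup taken after a firmware update shows whether the update restored defremadmin or altered a role.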
