Huge security alert over BT broadband

Banned 4 replies
Found 25th May 2008
Hundreds of thousands of BT broadband customers are at risk of massive breaches of their computer security because of a flaw in the Home Hub wireless network systems installed by the telecoms giant.

BT has 4.4m broadband customers and it is believed most of those supplied with wi-fi boxes are vulnerable to hacking. Only the latest versions of the BT system are safe from attack.

And though BT has been aware of the problem for months, it has not written to customers to warn them of the risk and the simple fix.

Computer experts last week demonstrated to Financial Mail how easy it was for a hacker to use a free computer program to join a household network without being told the password. It took five minutes for the program to probe the wi-fi hub and gain access.

From there, more skilled computer criminals could access and seize vital personal data from individual computers.

BT said: 'We are aware of this problem, though we don't believe that any customers have been affected. It's important to realise that, though it has been possible to demonstrate a scenario where the hub may be vulnerable, we don't believe it is something that should affect the majority of BT customers.'

Experts from IT security consultancy NCC Group, one of only three UK firms to have a top level accreditation to work with the GCHQ communications centre, said that computer experts had been discussing the weakness for months.

Paul Vlissidis, NCC's technical director, and principal consultant Lloyd Brough said even a 'teenage script kiddie' - the internet equivalent of a phone box vandal - could penetrate Home Hubs. Doing so without permission from the owner of a network would be strictly illegal and people have already been jailed for breaking into wi-fi networks.

Vlissidis, who legitimately hacks into computer systems as a 'penetration tester', said: 'In the jargon of the hackers, this is a simple exploit.

'Once in, a skilled hacker has the opportunity to take total control over systems, including planting software to steal passwords to bank accounts or capturing credit card details.'

Brough added: 'I am sure there are people driving round the suburbs with laptops trying to do this today.'


If you have downloaded your security properly and leave your router switched on all the time to receive the updates you will be fine!

Stop panicking about stuff like this! Anyone can raid your bin and steal your details.

I work for BT, although there's always a very very minimal risk people can hack into things (as with every single thing in the UK these days) there's no need to contact customers about the problem, because to be honest it's not really a problem!

You can't say not to worry about these sort of things and just assume you'll be safe. There are more people out there than you think that will be looking for badly configured routers. If you leave your door open long enough, one day someone will walk in.

The report below doesn't mention another flaw that was found with the home hub which is that the default encrypted WEP key can be easily brute forced as the algorithm was ripped from the software that comes with it. So don't use the default WEP key and change it to something more secure, in fact get rid of the home hub, buy a better/safer router.

Just because people can find other ways to hack you doesn't mean you should not try and protect yourself.

All WEP and WPA can be cracked with enough time, here are the guys that found the flaw you were originally talking about, they give more detail on how the exploit works.…ub/

Here is the WEP algorithm key I was talking about:…rs/

Here's another flaw which was found last week for dumping the admin password:…ub/

Whoever is in charge of BT InfoSec is a complete numpty.

I think this is a very valid point, people cannot steal your passwords by rooting through your bin so those claims are not valid. I have a home hub but don't use it for wifi so switched that off on setup but....
Sometimes I enable it to allow my work laptop to update etc and feel that if notified by BT I would have taken the necessary steps to secure, BT have let me down badly and I may consider this further.