Skip Navigation


BT to close Remote Assistance hole on Home Hub
Monday 22 October 2007 16:43:16 by Andrew Ferguson

A security flaw on the BT Home Hub was identified earlier in October 2007 that could allow someone to gain control of the router. BT Retail has now published an item on its Support & Website that details what BT is doing to close down this vulnerability.

As part of BT’s commitment to protect its customers against internet security threats, the 'Remote Assistance' feature within the BT Home Hub Manager software is being deactivated. As with other Home Hub upgrades, the deactivation will take place remotely.

The removal of this feature, which is not required for normal operation of the Hub, does not impair any BT Total Broadband services and will not affect other PC-based remote access applications or remote upgrades.

Although the 'Remote Assistance' option will still appear on Hub Manager menus, trying to enable it will result in an error message.

Future versions of the Hub firmware will completely remove this feature from the Hub Manager.

Disabling of BT Home Hub 'Remote Assistance' feature

The BT Home Hub is a long way from being the only router out there ever to have a vulnerability detected, back in 2004 we covered a problem with Conexant based routers where if someone guessed your routers password they could access it.

Issues like this highlight the neccessity of changing admin passwords on router hardware to something other than the default. Additionally with the recent news items that have highlighted the ease with which WEP encryption can be cracked, switching to WPA or WPA2 encryption for your wireless links is even more paramount.

If you are stuck with using WEP due to a wireless device that does not support WPA or WPA2 encryption, the best you can do is use 128-bit version of WEP and change the keys regularly. Also ensure that all the computers on the network have working software firewalls in place.

Comments

Posted by CARPETBURN over 6 years ago
The homehub has had issues way before october this year, a previous flaw in a firmware revision was previously pointed out to BT and they totally ignored it.
Posted by paulbeattie87 over 6 years ago
Actually quite smart how its already disabled without a firmware upgrade.
Posted by ste__ over 6 years ago
"back in 2004 we covered a problem with Conexant based routers where if someone guessed your routers password they could access it"
Uhm.. no sh*t :)
Posted by andrew (Favicon staff member) over 6 years ago
The conexant issue was that these ports were accessible by default across the Internet.
Posted by adriandaz over 6 years ago
Yes Andrew, iirc it was the telnet, web interface and ftp server on the routers which was wide open to the WAN side, pretty scary!
Posted by SteveRM over 6 years ago
I use a BT Home Hub, how will I know if and when BT have disabled remote access on my hub?
You must be logged in to post comments. Click here to login.