GNUCitizen has discovered another hole in the security of the BT Home Hub that allows anyone with LAN access to get hold of the administrator password.
Previously it has been reported that there was a way to determine the default WEP security key on the Home Hub, and the best course of action was to alter your wireless network from WEP to the WPA encryption. In theory if using WPA and a strong key getting access over the wireless network to discover the administrator password should not be possible, but for the many who cannot switch to WPA (e.g. they own older hardware that only supports WEP, or have tried and failed to get it to work) this latest hole means people could access the routers administrator interface and hijack the routers settings.
The Home Hub was recently made more secure in firmware version 6.2.6.E by giving each one a unique administrator password, which was the routers serial number, but GNUCitizen is able to demontrate how by sending a request to a specific multicast IP address you can obtain this password.
While this problem highlights the Home Hub people with other devices are once again reminded about the need to secure their wireless networks.
While there are no reports of mass attacks affecting Home Hub users yet, that does not mean that we know for sure that someone in the UK is not using this method to piggyback on peoples broadband connections.