
O2 customers vulnerable to router hack
Wednesday 02 September 2009 15:51:25 by John Hunt

O2 customers with an O2 Wireless Box II or III are vulnerable to a remote router hack that allows attackers to view or change settings on the router without permission. The problem lies in the firmware of the Thomson TG585 and TG585n routers, and other providers who use these routers are also likely to be affected. A spokesman talking to The Register released the following statement.

"We have been notified of a potential security issue with the O2 Wireless box routers. We take this issue very seriously and are investigating it with the router manufacturer, Thomson. We thank Mr Mutton for bringing it to our attention."

O2 statement

Once in the router, a remote attacker could configure it to allow access to the user's home network, which is usually protected by the built-in firewall. Users can mitigate the risk of attack by enabling authentication on the router's web interface.

Unfortunately, O2 were less than helpful when the problem was reported to them by Paul Mutton. O2 deemed that their router was "encrypted and secure to a level we find acceptable" when he tried repeatedly to raise the issue with them. Paul finally got somewhere by talking to BE, who are owned by O2, who brought this to the attention of the right people in O2. BE have suffered security vulnerabilities in their routers before, so it's good to see they are on the ball now, as they use similar routers and some models are thought to be vulnerable. Zen, who also use Thomson routers, contacted Paul as well and are talking to Thomson about the results of their findings.

Thankfully, full details of the problem will not be released until after the problem is fixed. More details, and the responses Paul received from O2 can be found at


Posted by volatileacid over 8 years ago
This chap Paul doesn't reveal details of the exploit on his website. I don't think it's anything more than a backdoor default password for o2 techs. Hardly rocket science really!?
Posted by citizenx over 8 years ago
Pretty much everything can be exploited in some way or another. Really, mountain out of molehill if you ask me.
Posted by rich44 over 8 years ago
Except you'd have to be connected to their network to get to the router interface BEFORE you could get the WEP/WPA(2) key so I think it's possibly a little more complex than the master admin "backdoor"
Posted by uniquename over 8 years ago
There are also links in this post in the forums to reports of the BT Home Hub suffering the same vulnerability in 2007. I'm not aware of any report of it being fixed.
Posted by GMAN99 over 8 years ago
HH was fixed ages ago... in fact when the story broke it had already been fixed.
Posted by Gzero over 8 years ago
A fix has been issued apparently. Off to check my router config.
Posted by volatileacid over 8 years ago
Be* have just sent out an email on how to secure the box:

The BE Box is vulnerable to an XSS (cross-site scripting) combined with a CSRF (cross-site request forgery) that allows a remote attacker to perform actions on the Web UI (user interface), via the use of JavaScript - and without the user's knowledge or consent.

In the short term, in order to stop this from occurring we are going to set the password on everyone's BE Box.

Posted by otester over 8 years ago

That's not true, you can hack WEP/WPA/WPA2 quite easily if you know what you're doing.

So in comparison, this article is nothing.
Posted by volatileacid over 8 years ago
otester: no you cannot hack WPA2 - it's not within the realms of the general public yet. We don't have the computing power. There are no tools available to hack WPA2 - please before making wild claims do your research.

If you do come back to challenge me - provide a reference - your word is not good enough.
Posted by otester over 8 years ago

If a mod gives me the go ahead I'll tell you what tools you can use.

I don't want to get banned from the site.
Posted by uniquename over 8 years ago
Whatever methods have been used to break WPA2 seem to be within university labs with extremely long-winded methods.

Hardly what someone down the street or sitting in a car has access to.
Posted by GMAN99 over 8 years ago
"Posted by otester 3 days ago
That's not true, you can hack WEP/WPA/WPA2 quite easily if you know what you're doing.

So in comparison, this article is nothing." Cough. BS. WEP sure, WPA & WPA2 easily, no sorry.
Posted by be_user over 8 years ago
BE changed my router login password one day this week without telling me. Neither have I received an email to alert me to the fact that there 'could' be a security issue with it. I almost reset the router as I could not access its settings. Thank you to you guys for bringing this to my attention; as a result, I realised what the password had been changed to after reading Paul's web site.
Posted by TGVrecord over 8 years ago
Normally I find Be very good at passing on info, but in this case I have not received any emails or text messages. Seems that they have lost focus since the web site update!
Posted by aardware over 8 years ago
O2 issued a security update this week, they haven't bothered emailing about it at all, and when I phoned up to ask why I couldn't access my interface they told me to reset it. When I asked if this would delete my firewall settings or any of the changes they'd made to stabilise the line they refuse to fix, they said no, they will stay the same. Worst thing is, I BELIEVED THEM! I WORK IN IT FFS!