Broadband News

BT to close Remote Assistance hole on Home Hub

A security flaw on the BT Home Hub was identified earlier in October 2007 that could allow someone to gain control of the router. BT Retail has now published an item on its Support & Website that details what BT is doing to close down this vulnerability.

As part of BT’s commitment to protect its customers against internet security threats, the 'Remote Assistance' feature within the BT Home Hub Manager software is being deactivated. As with other Home Hub upgrades, the deactivation will take place remotely.

The removal of this feature, which is not required for normal operation of the Hub, does not impair any BT Total Broadband services and will not affect other PC-based remote access applications or remote upgrades.

Although the 'Remote Assistance' option will still appear on Hub Manager menus, trying to enable it will result in an error message.

Future versions of the Hub firmware will completely remove this feature from the Hub Manager.

Disabling of BT Home Hub 'Remote Assistance' feature

The BT Home Hub is a long way from being the only router out there ever to have a vulnerability detected, back in 2004 we covered a problem with Conexant based routers where if someone guessed your routers password they could access it.

Issues like this highlight the neccessity of changing admin passwords on router hardware to something other than the default. Additionally with the recent news items that have highlighted the ease with which WEP encryption can be cracked, switching to WPA or WPA2 encryption for your wireless links is even more paramount.

If you are stuck with using WEP due to a wireless device that does not support WPA or WPA2 encryption, the best you can do is use 128-bit version of WEP and change the keys regularly. Also ensure that all the computers on the network have working software firewalls in place.


The homehub has had issues way before october this year, a previous flaw in a firmware revision was previously pointed out to BT and they totally ignored it.

  • over 13 years ago

Actually quite smart how its already disabled without a firmware upgrade.

  • paulbeattie87
  • over 13 years ago

"back in 2004 we covered a problem with Conexant based routers where if someone guessed your routers password they could access it"
Uhm.. no sh*t :)

  • ste__
  • over 13 years ago

The conexant issue was that these ports were accessible by default across the Internet.

  • andrew
  • thinkbroadband staff
  • over 13 years ago

Yes Andrew, iirc it was the telnet, web interface and ftp server on the routers which was wide open to the WAN side, pretty scary!

  • adriandaz
  • over 13 years ago

I use a BT Home Hub, how will I know if and when BT have disabled remote access on my hub?

  • SteveRM
  • over 13 years ago

Post a comment

Login Register