BT to close Remote Assistance hole on Home Hub
A security flaw on the BT Home Hub was identified earlier in October 2007 that could allow someone to gain control of the router. BT Retail has now published an item on its Support & Website that details what BT is doing to close down this vulnerability.
As part of BT’s commitment to protect its customers against internet security threats, the 'Remote Assistance' feature within the BT Home Hub Manager software is being deactivated. As with other Home Hub upgrades, the deactivation will take place remotely.
The removal of this feature, which is not required for normal operation of the Hub, does not impair any BT Total Broadband services and will not affect other PC-based remote access applications or remote upgrades.
Although the 'Remote Assistance' option will still appear on Hub Manager menus, trying to enable it will result in an error message.
Future versions of the Hub firmware will completely remove this feature from the Hub Manager.Disabling of BT Home Hub 'Remote Assistance' feature
The BT Home Hub is a long way from being the only router out there ever to have a vulnerability detected, back in 2004 we covered a problem with Conexant based routers where if someone guessed your routers password they could access it.
Issues like this highlight the neccessity of changing admin passwords on router hardware to something other than the default. Additionally with the recent news items that have highlighted the ease with which WEP encryption can be cracked, switching to WPA or WPA2 encryption for your wireless links is even more paramount.
If you are stuck with using WEP due to a wireless device that does not support WPA or WPA2 encryption, the best you can do is use 128-bit version of WEP and change the keys regularly. Also ensure that all the computers on the network have working software firewalls in place.