Broadband News

Default wireless security key can be figured out on BT Home Hub

As one of the most commonly used wireless modem/router devices in the UK it is perhaps no surprise to see that a group has found out a way of figuring out the default security key on the BT Home Hub.

Digital Lifestyles carries a statement from BT on the possible security problem. It should be pointed out that the advice given applies to all wireless routers.

"We are aware of this problem, although we don’t believe that any customers have been affected.

It’s important to realise that although it has been possible to demonstrate a scenario where the hub may be vulnerable, we don’t believe it is something that should affect the majority of BT customers in real life.

Customers with enquiries on how to further protect their network will be directed to, which gives detail of a number of precautionary actions that can be taken to help increase their on-line security. These include:

  • Changing the default wireless key and the encryption type from WEP to WPA.
  • Changing the admin login password of the Hub Manager. Leaving the Hub switched-on at all times, including overnight to benefit from firmware updates as they become available.
  • Having AV and firewall software installed on all computers.
  • Being wary of unknown web sites and e-mails from unknown sources, including invalid security certificates."
Statement from BT on Home Hub security

It would appear the risk only arises if someone knows the serial number for your BT Home Hub, which suggests they have physical access to the router, at which point other security issues are probably more of a concern, e.g. what is this person doing in your home. For shared households this may be an issue if one housemate is not suppossed to be using the connection.

Using WPA encryption (or WPA2 if available) for your wireless network is the preferred system and unlike WEP does not require complicated hexadecimal strings (i.e. just characters A to F and digits 0 to 9), but remember to use something that is unique and not guessable, so avoid things like your address, phone number, birth dates.


Strangely, I was thinking about this the other day and wondered how BT and others did that - I came to the conclusion that it would probably be an algorithm based on some identifier that is broadcast in the clear, perhaps the MAC address of the WLAN?

Anyway, I would always recommend using WPA and create a password from a website like

  • brindy
  • over 12 years ago

With our neighbours consent I tested the vulnerability on their router. This vulnerability works. There are 3 more Homehubs on this street and they're all vulnerable too.

There is no requirement to know the serial number, all that is required is to know the format of the serial numbers.

As an aside Be users will note that there is a sticker on their router that says "SSID=Bebox". Under that sticker is the default SSID which, as detailed on (the original source of this info), if used will result in the Bebox (ST780WL) becoming vulnerable too.

  • rizla
  • over 12 years ago

Oh and since the KEY is compromised it makes no difference what the encryption algorithm is. Important to hammer that point home. WPA/WPA2 is just as vulnerable to this as WEP.

  • rizla
  • over 12 years ago

It's not as if it would take long to crack a WEP key anyway, there's plenty of free software out there to do it for you.

  • ian72
  • over 12 years ago

...And people wonder why I don't trust BT over in the FON post, eh.

  • Dawn_Falcon
  • over 12 years ago

It's not really about BT though - It's about the way Thomson (and others) generate keys on their boxes.

I'm struggling with what the best solution is to this, as wireless connections is still one of our biggest support call generators. Certainly my view is that one of the WPS deployments seems like the best idea going forward.

I imagine this story will push up the priority of implementing that across the industry.

  • ianwild
  • over 12 years ago

That wikipedia page is clear as mud, Ian.

So... it's a standard protocol for the formerly vendor-specific router "easy setup" methods. Useful for the less tech-minded I'm sure.

  • Dawn_Falcon
  • over 12 years ago

Well, it's the less tech minded who buy most of our products and use most of our support, so giving them something simple yet secure is the answer.

Quite a lot of new routers seem to have the button, but it doesn't yet do anything in most cases. I've used the AVM Fritzbox USB key thing, and that seemed quite easy, but it must add some expense.


  • ianwild
  • over 12 years ago

Oh yea, I'm not knocking the concept, just that awful wikipedia page.

The only easy-setup I've tried which has worked was that on a late-model WRT54G.

  • Dawn_Falcon
  • over 12 years ago

I have an interesting question, I have just changed from WEP to WPA-PSK on the Homehub. My speed is down to it's normal 700k at this time of night but the response from my computer is far faster than normal.
Why would this be? I didn't think the encrption would have any effect on the wireless speed, is it less prone to data corruption giving me a better speed?

  • jumpmum
  • over 12 years ago

Post a comment

Login Register