Comments on: BT Home Hub: Wireless Security Vulnerabilities Discovered

By: Dexee

Dexee — Thu, 03 Jul 2008 13:24:12 +0000

Jamie,

I myself have accessed over 12 BThubs and can tell you exactly what can be done.

Users connected via wireless connection can access the web and download any material they require. They can also access your hub itself and change the configuration settings password. Your WEP Key can also be changed to WPA with the hacker possesing the password.

Hope this is of help to you

By: Yup

Yup — Tue, 27 May 2008 23:06:22 +0000

My math is supafly. The answer to your question is 42.

By: Simon Perry

Simon Perry — Mon, 19 May 2008 07:24:15 +0000

Jamie - thanks for the comment. We’re going to go off and have a think about this one.

By: jamie

jamie — Fri, 16 May 2008 16:55:10 +0000

hi guys, i really need help and dont know where else to go.

before we start i better tell you i have the bthomehub, (wireless, although i use ethernet cable) the same one in the picture above and have had it for roughly a year and a half. i have never taken any security precutions because i was stupid enough to think BT being the massive company they are, would have it covered.
ok. my situation is that i am being taken to court by a big law firm representing an xbox360 game developer, they say i have illigally downloaded a xbox360 game and they want alot of money from me that i just dont have. at first i was suspescious but found out they are legit. i contacted bt and ask for a complete history of my own downloading activity, and to my shock and horror apperntly i have downloaded well over 1TB of xbox games, pc games, films, programs, music etc, since i joined bt.

i know myself that i havnt downloaded anything illigally, (especially xbox 360 games because i dont have a xbox 360 nor do i have the knowledge how to play copied games)
i live on my own, in a block of flats and no one else has access to my home pc. i have looked all over the internet for the answer to my question but can only find how unsecure the homehub is, i cant find what people can do by hacking the homehub.
i know that because it has been a long period of time that this downloading has been happening it has to have been someone close enough to my wireless connection.
so my question is, is it possible that one of my neighbours has hijacked my wireless ip address and have been using it since i have joined up with bt and have been using it to do what they want. and also if you know, would bt be able to find out if someone has done this.

any response would be GREATLY appriciated, if the answer is a simple no then i dont have a clue how this has happened and they have me by the balls.

ps. sorry about the spelling.

By: Simon Perry

Simon Perry — Wed, 23 Apr 2008 09:48:08 +0000

Thanks for posting the reply Adrian.

Great to get the official from the team behind it.

By: Adrian Pastor

Adrian Pastor — Wed, 23 Apr 2008 09:39:11 +0000

@Dave: NO, the “hacker” doesn’t need to know the serial number. All that is needed to carry out this attack is the SSID of the BT Home Hub WiFi network.

Needless to say, the SSID (network name) can be obtained by anyone who is close to the target Home Hub.

By: BT Statement on Home Hub Wireless Security : Digital-Lifestyles (alpha remix)

BT Statement on Home Hub Wireless Security : Digital-Lifestyles (alpha remix) — Wed, 23 Apr 2008 08:22:25 +0000

[…] our story on the vulnerabilities of the BT Home Hub, the most widely used DSL wireless router in the UK, BT sent us this statement last week after we […]

By: Dave

Dave — Thu, 17 Apr 2008 09:18:10 +0000

so does a hacker need the serial number of the unit or not?