Multiple vulnerabilities in the BT Home Hub, one of the United Kingdom's most popular routers, are threatening to expose users to eavesdropping, call spoofing, and a host of other nasty attacks. All an attacker needs to do to exploit the weaknesses is lure the victim to a maliciously crafted Web site.
Researchers Adrian Pastor and Petko D. Petkov have discovered a method to bypass the device's password authentication and gain complete administrative control.
"The BT Home Hub is vulnerable to an authentication bypass that allows us to make any administrative requests to the router from a malicious Web site WITHOUT needing username and password," Pastor wrote in an e-mail to The Reg. He and Petkov have confirmed the vulnerability in the BT Home Hub running the most recent firmware. They believe the exploit will work on all Thomson/Alcatel Speedtouch 7G routers.
The worrying aspect of this flaw is that a remote attacker need only social-engineer a user into visiting a prepared Web site.
Once the victim loads the page, the attacker can gain full administrative control of the router, making it possible to steal the user's WPA key, listen in on VoIP calls, steal VoIP credentials, or even change DNS settings so that users are silently redirected to fraudulent Web sites.
You can read more about this exploit at GNUCITIZEN.
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.