Hackers issue BT Home Hub warning

Ethical hacking group GNUCitizen.org has warned that the default settings on one of the UK's most widely used wireless routers is leaving customers open to attack.

The group showed in a blog posting that the BT Home Hub, the wireless router supplied to BT Broadband customers, uses algorithms that make the device easy to crack when in default mode.

Using reverse-engineering techniques the group said that the hub's Wired Equivalent Privacy (WEP) keys can be predicted in just 80 guesses, but had decided against making its automated guessing program publicly available.

GNUCitizen's findings appear to confirm long-term concerns about the security of the WEP encryption protocol.

"It is quite likely that the bad guys can break into your network if you are using the default encryption key. Our advice is to use WPA rather than WEP and change the default encryption key now," GNUCitizen said.

Responding to the criticisms, BT denied that real-life users of the device were in any serious danger of hack attacks.

"It is important to realise that, although it has been possible to demonstrate a scenario where the hub may be vulnerable, we do not believe it is something that should affect the majority of BT customers in real life," the company said in a statement.

BT, which has published details on how to more effectively secure the router, said that other operators supplying the Thomson-manufactured device were also affected by the issue.

See also:

BT acquires Wire One

Telco expands videoconferencing portfolio  11 Apr 2008

Ben Verwaayen steps down at BT

Ian Livingston picks up the baton  08 Apr 2008

BT confirms secret Phorm trial

Telco insists user data was not compromised  02 Apr 2008

BT hamstrings Home Hub hackers

Remote Assistance feature switched off completely  22 Oct 2007

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!