Router Fixed after Holes Found

Monday, February 10, 2014 @ 01:02 PM gHale

EE fixed its BrightBox routers to clean up vulnerabilities that allow hackers to access the devices by a simple copy and paste operation.

The latest update resolves two of the three most serious problems found, said Scott Helme, the security researcher who discovered the flaws.

Mobile Woes: Modems Expose Control Panels
Wireless Camera Allows Remote Attacks
Working a Smartphone Against Itself
Bugs in Cisco TelePresence Systems

BrightBox routers go out to EE’s broadband and fiber customers. Helme found the vulnerabilities that exposed WPA encryption keys, passwords and users’ ISP credentials.

These flaws enabled hackers to change a router’s DNS settings in order to intercept a target’s Internet traffic.

Sensitive data, including Wi-Fi SSIDs and WPA2 keys, end up stored in a file called cgi_status.js that an attacker can access without logging into the Brightbox routers, made by Taiwan-based manufacturer Arcadyan.

As with many items of consumer networking equipment, the root cause of the problem stemmed from a failure to build security into the router’s design. Confidential information was accessible remotely as the result of a cross-site reference forgery flaw involving the router’s admin panel.

Helme, an EE customer, carried out his research because of his interest in information security.

The researcher went public with his findings last month, two months after notifying EE about the problem. In response, EE said there was an issue and promised to develop a fix.

EE said it was beginning the phased rollout of an update.

Leave a Reply

You must be logged in to post a comment.