
Hyperoptic left 400,000 British homes open to hacking..


Richard Jones

Apr 25, 2018, 4:12:54 AM
https://www.telegraph.co.uk/technology/2018/04/24/broadband-flaw-left-400000-brits-open-hacking


Most households won’t be aware that the WiFi routers - the small boxes
that are sent by broadband providers to get them connected to the web -
are vulnerable to hackers if they are not secured properly.

Someone with remote access to a router could snoop on someone’s web
browsing, send malware to devices that are connected to the router and
retrieve users’ financial and personal information.

Now, a flaw has been found in routers provided by Hyperoptic, Britain's
largest residential gigabit broadband provider.

Consumer watchdog Which? warned Hyperoptic about the vulnerability in
November.

Hyperoptic said that 400,000 customers are using the affected routers,
but that it had changed password settings on the rest of its customers
using a newer version of the product.

If exploited, attackers could log into the router, allowing them to
change the password, watch what the user was browsing and weaken the
security firewalls that protect other internet-connected devices from
further attacks - all without the victim knowing.

Hyperoptic’s routers were manufactured by Chinese tech giant ZTE, which
the National Cyber Security Centre has warned networking companies
against using over national security concerns.

Chinese technology has been in the spotlight this year after concerns
were raised over its influence in our telecommunication infrastructure.
Another Chinese manufacturer, Huawei, was one of the biggest investors
into our current 4G and upcoming 5G networks. But it faces obstacles in
the US.

Despite this, Hyperoptic says it will continue to provide customers with
ZTE routers.

Roderick Stewart

Apr 25, 2018, 5:00:38 AM
On Wed, 25 Apr 2018 09:12:51 +0100, Richard Jones
<ne...@rgjones.screaming.net> wrote:

>Most households won’t be aware that the WiFi routers - the small boxes
>that are sent by broadband providers to get them connected to the web -
>are vulnerable to hackers if they are not secured properly.
>
>Someone with remote access to a router could snoop on someone’s web
>browsing, send malware to devices that are connected to the router and
>retrieve users’ financial and personal information.

Scare stories like this appear regularly in the popular press, but
they never explain how it's possible to get access to a home router
from the internet. I can only log in to mine from the local network
side. From the internet side it doesn't even answer pings, so even if
a would-be interloper knew my IP address they couldn't even tell that
anything was there.

As far as I can see, the only unofficial access to my local network
would have to be via wireless, which would have to be from somebody
within about 50 yards, or perhaps less. The risk is still non-zero of
course, but in my circumstances I regard it as comfortably negligible.
I do check from time to time to see if anything I don't recognise has
managed to connect to my wireless network, and nothing ever has.

So what's the real risk, if there really is one?

Rod.


Andy Burns

Apr 25, 2018, 5:35:09 AM
Roderick Stewart wrote:

> Scare stories like this appear regularly in the popular press, but
> they never explain how it's possible to get access to a home router
> from the internet.

In this case it seems all the Hyperoptic/ZTE routers had a fixed admin
password, so a phishing attack was possible, in combination with DNS
rebinding.

I register someorotherdomain.com

I send out spam linking to www.someorotherdomain.com

I arrange my DNS server so that the first time you query
www.someorotherdomain.com you get the IP address of my webserver, and I
send you a page containing a malicious script.

Normally a script retrieved from one domain isn't allowed to connect to
another domain, so I can't touch your router ... but ...

The malicious page then accesses another URL at
www.someorotherdomain.com; however, in the first step I set an extremely
rapid expiry on the DNS result, so it has already expired from your
cache, and the second time I organise that my DNS server returns
192.168.1.1. My script then connects to your router using the known
credentials and, bingo, it can alter the router's configuration.

<https://www.contextis.com/resources/advisories/hyperoptic-zte-home-routers>

That's one reason I run my own DNS server, and set it to discard
upstream RFC1918 DNS responses, also my router doesn't run the
supplier's firmware.

Recliner

Apr 25, 2018, 6:28:11 AM
Interesting that our illiterate friend, 7, hasn't popped up to tell us why
Hyperoptic's embarrassing problem is all BT's fault.

R. Mark Clayton

Apr 25, 2018, 10:06:00 AM
Or OFCUM - of course given all his bilious diatribes about them, they will remain as scrupulously impartial as ever...

Brian Gregory

Apr 26, 2018, 7:40:41 PM
I believe OpenDNS will also never return RFC1918 IPs.

--

Brian Gregory (in England).

Stephen

Apr 27, 2018, 5:06:40 PM
There actually is a standard for which address blocks have special
uses - and which of those should not appear on the Internet.

If they do, it is either an error somewhere (which seems to be the
common case) or malicious.

https://tools.ietf.org/html/rfc8190

--
Stephen

Bob Eager

Apr 28, 2018, 7:33:35 AM
Um, yes. It's RFC1918. See above.

Stephen

Apr 29, 2018, 4:14:33 PM
Actually - no, or not complete.


RFC1918 sets up 3 blocks of addresses for private use - companies
typically use them for internal networks, a SOHO router will use 1 by
default and so on.

So if a DNS address allocation fails the interface will usually
allocate a random address from 169.254.x.x - that block is reserved
for "link local" use, and shouldn't appear on the Internet as a normal
address.

But there are other blocks allocated for "non public" use and various
RFCs after 1918 give a list in place of the others as well.

https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml

--
Stephen
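The two defences discussed in this thread, Andy's resolver setting that discards upstream DNS answers in RFC1918 space and Stephen's point that RFC 1918 is only part of the IANA special-purpose registry, as an added Python example. This is not code from the thread, from Hyperoptic, from ZTE or from Context; the block lists, the split between a "rebinding filter" policy and the full-registry policy, and the two-record sample log are assumptions made for the example. The documentation address 203.0.113.7 stands in for the attacker's public web server in the walkthrough above, which is exactly why it is kept under the rebinding policy but dropped under the full-registry policy.

```python
"""Drop DNS answers that point into special-use IPv4 space (added example)."""
import ipaddress


def _nets(pairs):
    """Compile (cidr, label) pairs into (ip_network, label) pairs."""
    return [(ipaddress.ip_network(cidr), label) for cidr, label in pairs]


# The three blocks from RFC 1918: what "discard RFC1918 responses" covers.
RFC1918 = _nets([
    ("10.0.0.0/8", "private (RFC 1918)"),
    ("172.16.0.0/12", "private (RFC 1918)"),
    ("192.168.0.0/16", "private (RFC 1918)"),
])

# Other blocks a browser on the LAN can reach, so a rebinding filter should
# refuse them too. Which extras to include is an operator policy choice
# (assumption made for this example).
LAN_REACHABLE = _nets([
    ("0.0.0.0/8", "this network"),
    ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "link-local (RFC 3927)"),
    ("100.64.0.0/10", "shared address space / CGNAT (RFC 6598)"),
])

# Remaining IPv4 entries from the IANA special-purpose registry linked above.
OTHER_SPECIAL = _nets([
    ("192.0.0.0/24", "IETF protocol assignments"),
    ("192.0.2.0/24", "documentation TEST-NET-1"),
    ("198.18.0.0/15", "benchmarking"),
    ("198.51.100.0/24", "documentation TEST-NET-2"),
    ("203.0.113.0/24", "documentation TEST-NET-3"),
    ("224.0.0.0/4", "multicast"),
    ("240.0.0.0/4", "reserved"),
    ("255.255.255.255/32", "limited broadcast"),
])

REBIND_BLOCKS = RFC1918 + LAN_REACHABLE            # what a rebinding filter needs
SPECIAL_USE_V4 = REBIND_BLOCKS + OTHER_SPECIAL     # the full registry view


def classify(ip, blocks=SPECIAL_USE_V4):
    """Return the label of the block containing `ip`, or None for ordinary space."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        return None  # IPv6 has its own registry; out of scope for this example
    for net, label in blocks:
        if addr in net:
            return label
    return None


def is_special_use(ip, blocks=SPECIAL_USE_V4):
    return classify(ip, blocks) is not None


def filter_answers(answers, blocks=SPECIAL_USE_V4):
    """Split (qname, ttl, ip) records into (kept, dropped).

    Dropped entries carry the block label as a fourth field for logging.
    """
    kept, dropped = [], []
    for qname, ttl, ip in answers:
        label = classify(ip, blocks)
        if label is None:
            kept.append((qname, ttl, ip))
        else:
            dropped.append((qname, ttl, ip, label))
    return kept, dropped


def rebind_events(answer_log, blocks=SPECIAL_USE_V4):
    """Flag names whose answers flip from ordinary space into a filtered block.

    `answer_log` is a time-ordered list of (qname, ttl, ip). A public answer
    followed by a short-TTL private answer for the same name is the sequence
    described in the thread.
    """
    last_public, events = {}, []
    for qname, ttl, ip in answer_log:
        if classify(ip, blocks) is None:
            last_public[qname] = ip
        elif qname in last_public:
            events.append({"qname": qname, "from": last_public[qname], "to": ip, "ttl": ttl})
    return events


# Constructed sample: the two lookups from the walkthrough above.
SAMPLE_LOG = [
    ("www.someorotherdomain.com", 1, "203.0.113.7"),   # first answer: attacker's web server
    ("www.someorotherdomain.com", 1, "192.168.1.1"),   # second answer: the victim's router
]

if __name__ == "__main__":
    kept, dropped = filter_answers(SAMPLE_LOG, REBIND_BLOCKS)
    print("kept:", kept)
    print("dropped:", dropped)
    print("rebind events:", rebind_events(SAMPLE_LOG, REBIND_BLOCKS))
```

The same check is what resolver options such as dnsmasq's `--stop-dns-rebind` and Unbound's `private-address:` implement; the function form here just makes the policy visible and lets you run it over a captured answer log to see which names were rebound.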

7

May 4, 2018, 5:41:41 AM
Yes they shall shalleth they not troll?

7

May 4, 2018, 5:51:15 AM
Anthony R. Gold wrote:

> On Wed, 25 Apr 2018 10:28:10 -0000 (UTC), Recliner
> <recli...@btinternet.com> wrote:
>
>> Interesting that our illiterate friend, 7, hasn't popped up to tell us
>> why Hyperoptic's embarrassing problem is all BT's fault.
>
> He's been gone from here for two weeks, and long may it continue.

Unlike you know who, I'm busy. Th spill chicker included.
$14 SFP modems have ripped the guts out BT (British Telecum) that lies on
public newspapwer like ft.com claiming there is no demand for fiber when
BT itslef has around 1 million fiber connections is poof that BT is a
lying no good nfor nothng crap cumpany and propped up with offcum
and its dark fiber tax which BT does not pay but which all small companies
must pay so that BT may live. Whaat a fscking troll eh?

djc...@gmail.com

May 4, 2018, 5:47:59 PM
Hi all,

I'm the researcher at Context behind the story. Thanks for posting it here. Our statement is here (and has recently been updated with a detailed timeline): https://www.contextis.com/news/hyperoptic-router-could-be-hacked-by-clicking-a-link

Andy above is spot on - although it's true that the web interface is not directly accessible from the Internet, it is accessible from a user's browser. Therefore, if you can use a malicious webpage to reach the ZTE router (such as via DNS rebinding in this case), then you can connect to it. That, combined with a hidden hardcoded account with a shared password across all routers, is what allowed this attack to work prior to the fix being completed on 30th April.

Also, the default Hyperoptic DNS servers which are set in the routers do not block DNS responses containing private IP addresses (as opposed to OpenDNS as discussed above).

If you have any questions please let me know!

Thanks,

Daniel.
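Daniel's point that the web interface only needs to be reachable from the victim's browser is why the standard device-side defence against DNS rebinding is a Host header check: a script loaded from www.someorotherdomain.com still sends `Host: www.someorotherdomain.com` after the name is rebound to 192.168.1.1, so a device that only answers requests naming its own address or hostname refuses the rebound request even if the resolver let the private answer through. Added Python example, not the ZTE firmware, Hyperoptic's configuration or Context's code; the device names, the port policy, the 421 status choice and the WSGI shape are assumptions.

```python
"""Refuse requests that reach a device's web UI under a foreign Host name (added example)."""
from urllib.parse import urlsplit


def _split_host(host_value):
    """Return (hostname, port) from a Host header; handles bracketed IPv6 literals."""
    parts = urlsplit("//" + host_value.strip())
    return (parts.hostname or ""), parts.port  # .port raises ValueError if not numeric


def host_allowed(host_value, own_names, allowed_ports=(80, 443)):
    """True only if the Host header names this device on an expected port."""
    if not host_value or "@" in host_value:   # no userinfo tricks, no empty Host
        return False
    try:
        hostname, port = _split_host(host_value)
    except ValueError:
        return False
    if port is not None and port not in allowed_ports:
        return False
    return hostname.lower() in {name.lower() for name in own_names}


def rebinding_guard(app, own_names):
    """WSGI middleware: 421 Misdirected Request unless Host names this device."""
    def guarded(environ, start_response):
        if not host_allowed(environ.get("HTTP_HOST", ""), own_names):
            start_response("421 Misdirected Request", [("Content-Type", "text/plain")])
            return [b"Host header does not name this device\n"]
        return app(environ, start_response)
    return guarded


def _admin_app(environ, start_response):
    """Stand-in for the router's admin UI (constructed)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"router admin page\n"]


# Assumption: the device knows its own LAN address and local hostname.
DEVICE_NAMES = ("192.168.1.1", "router.local")
admin = rebinding_guard(_admin_app, DEVICE_NAMES)


def simulate(host_header):
    """Push one constructed request through the guarded app; return (status, body)."""
    status = {}

    def start_response(line, headers):
        status["line"] = line

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/admin", "HTTP_HOST": host_header}
    body = b"".join(admin(environ, start_response))
    return status["line"], body


if __name__ == "__main__":
    for host in ("192.168.1.1", "router.local:80", "www.someorotherdomain.com", ""):
        print(repr(host), "->", simulate(host)[0])
```

Two things make this more than a string compare: the check runs before any authentication (so a hidden account with a shared password never gets a chance to be used through a rebound page), and it fails closed on anything it cannot parse, including a missing Host header from a non-browser client.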

Andy Burns

May 4, 2018, 6:11:38 PM
djc...@gmail.com wrote:

> I'm the researcher at Context behind the story.

Was it actually exploited, or discovered first?

djc...@gmail.com

May 5, 2018, 9:44:51 PM
We did this research independently and reported it to Hyperoptic at the end of October. Their fix finished rolling out at the end of April. They state on their website: "We have no evidence nor reports of any customers affected" (https://www.hyperoptic.com/support/).