A Broadband and ADSL forum. BroadbanterBanter


uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Hyperoptic left 400,000 British homes open to hacking..



 
 
  #1  
Old April 25th 18, 09:12 AM posted to uk.telecom.broadband
Richard Jones
external usenet poster
 
Posts: 1
Default Hyperoptic left 400,000 British homes open to hacking..

https://www.telegraph.co.uk/technolo...s-open-hacking


Most households won't be aware that the WiFi routers - the small boxes
that are sent by broadband providers to get them connected to the web -
are vulnerable to hackers if they are not secured properly.

Someone with remote access to a router could snoop on someone's web
browsing, send malware to devices that are connected to the router and
retrieve users' financial and personal information.

Now, a flaw has been found in routers provided by Hyperoptic, Britain's
largest residential gigabit broadband provider.

Consumer watchdog Which? warned Hyperoptic about the vulnerability in
November.

Hyperoptic said that 400,000 customers are using the affected routers,
but that it had changed password settings on the rest of its customers
using a newer version of the product.

If exploited, attackers could log into the router, allowing them to
change the password, watch what the user was browsing and weaken the
security firewalls that protect other internet-connected devices from
further attacks - all without the victim knowing.

Hyperoptic's routers were manufactured by Chinese tech giant ZTE, which
the National Cyber Security Centre has warned networking companies
against using over national security concerns.

Chinese technology has been in the spotlight this year after concerns
were raised over its influence in our telecommunication infrastructure.
Another Chinese manufacturer, Huawei, was one of the biggest investors
into our current 4G and upcoming 5G networks. But it faces obstacles in
the US.

Despite this, Hyperoptic says it will continue to provide customers with
ZTE routers.
  #2  
Old April 25th 18, 10:00 AM posted to uk.telecom.broadband
Roderick Stewart
external usenet poster
 
Posts: 496
Default Hyperoptic left 400,000 British homes open to hacking..

On Wed, 25 Apr 2018 09:12:51 +0100, Richard Jones
wrote:

Most households won’t be aware that the WiFi routers - the small boxes
that are sent by broadband providers to get them connected to the web -
are vulnerable to hackers if they are not secured properly.

Someone with remote access to a router could snoop on someone’s web
browsing, send malware to devices that are connected to the router and
retrieve users’ financial and personal information.


Scare stories like this appear regularly in the popular press, but
they never explain how it's possible to get access to a home router
from the internet. I can only log in to mine from the local network
side. From the internet side it doesn't even answer pings, so even if
a would-be interloper knew my IP address they couldn't even tell that
anything was there.

As far as I can see, the only unofficial access to my local network
would have to be via wireless, which would have to be from somebody
within about 50 yards, or perhaps less. The risk is still non-zero of
course, but in my circumstances I regard it as comfortably negligible.
I do check from time to time to see if anything I don't recognise has
managed to connect to my wireless network, and nothing ever has.

So what's the real risk, if there really is one?

Rod.


  #3  
Old April 25th 18, 10:35 AM posted to uk.telecom.broadband
Andy Burns[_5_]
external usenet poster
 
Posts: 237
Default Hyperoptic left 400,000 British homes open to hacking..

Roderick Stewart wrote:

Scare stories like this appear regularly in the popular press, but
they never explain how it's possible to get access to a home router
from the internet.


In this case it seems all the Hyperoptic/ZTE routers had a fixed admin
password, so a phishing attack was possible, in combination with DNS
rebinding.

I register someorotherdomain.com

I send out spam linking to www.someorotherdomain.com

I arrange my DNS server so that the first time you query
www.someorotherdomain.com you get the IP address of my webserver, and I
send you a page containing a malicious script.

Normally a script retrieved from one domain isn't allowed to connect to
another domain, so I can't touch your router ... but ...

The malicious page then accesses another URL at
www.someorotherdomain.com however in the first step I set an extremely
rapid expiry on the DNS result, so it has already expired from your
cache, and the second time I organise that my DNS server returns
192.168.1.1, my script then connects to your router using the known
credentials and bingo it can alter the router's configuration.

https://www.contextis.com/resources/advisories/hyperoptic-zte-home-routers

That's one reason I run my own DNS server, and set it to discard
upstream RFC1918 DNS responses, also my router doesn't run the
supplier's firmware.
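
A defender-side view of the sequence described in this post, as an added example that is not part of the original thread: it scans resolver log lines for a name that answers with an external address and then, within a short window, with an RFC 1918 address for the same client. The log format, the names and addresses in `SAMPLE_LOG`, and the 60-second window are constructed assumptions.

```python
import ipaddress

# Constructed resolver log (not real traffic): epoch client qname ttl answer
SAMPLE_LOG = """\
1524645000 192.168.1.23 www.rebind.example 1 203.0.113.10
1524645003 192.168.1.23 www.rebind.example 1 192.168.1.1
1524645010 192.168.1.40 nas.home.example 3600 192.168.1.50
1524645020 192.168.1.40 cdn.site.example 30 198.51.100.7
1524645200 192.168.1.40 cdn.site.example 30 198.51.100.8
1524645300 192.168.1.23 slow.flip.example 300 203.0.113.20
1524649000 192.168.1.23 slow.flip.example 300 10.0.0.9
"""

# The three RFC 1918 private blocks plus loopback.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_internal(text):
    """True if the address string falls inside one of the INTERNAL blocks."""
    addr = ipaddress.ip_address(text)
    return any(addr in net for net in INTERNAL)


def find_rebinds(log, window=60):
    """Return alerts for names that flip from an external to an internal
    answer for the same client within `window` seconds."""
    last_external = {}      # (client, qname) -> (timestamp, address, ttl)
    alerts = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, qname, ttl, answer = line.split()
        ts, ttl = int(ts), int(ttl)
        key = (client, qname)
        if not is_internal(answer):
            last_external[key] = (ts, answer, ttl)
            continue
        # Internal answer: suspicious only if the same client recently got
        # an external answer for the same name. A name that has only ever
        # resolved to internal addresses (a local NAS) is left alone.
        prev = last_external.get(key)
        if prev and ts - prev[0] <= window:
            alerts.append({"client": client, "qname": qname,
                           "external": prev[1], "internal": answer,
                           "gap_s": ts - prev[0], "first_ttl": prev[2]})
    return alerts


if __name__ == "__main__":
    for alert in find_rebinds(SAMPLE_LOG):
        print(alert)
```
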

  #4  
Old April 25th 18, 11:28 AM posted to uk.telecom.broadband
Recliner[_3_]
external usenet poster
 
Posts: 6
Default Hyperoptic left 400,000 British homes open to hacking..

Richard Jones wrote:
https://www.telegraph.co.uk/technolo...s-open-hacking


Most households won't be aware that the WiFi routers - the small boxes
that are sent by broadband providers to get them connected to the web -
are vulnerable to hackers if they are not secured properly.

Someone with remote access to a router could snoop on someone's web
browsing, send malware to devices that are connected to the router and
retrieve users' financial and personal information.

Now, a flaw has been found in routers provided by Hyperoptic, Britain's
largest residential gigabit broadband provider.

Consumer watchdog Which? warned Hyperoptic about the vulnerability in
November.

Hyperoptic said that 400,000 customers are using the affected routers,
but that it had changed password settings on the rest of its customers
using a newer version of the product.

If exploited, attackers could log into the router, allowing them to
change the password, watch what the user was browsing and weaken the
security firewalls that protect other internet-connected devices from
further attacks - all without the victim knowing.

Hyperoptic's routers were manufactured by Chinese tech giant ZTE, which
the National Cyber Security Centre has warned networking companies
against using over national security concerns.

Chinese technology has been in the spotlight this year after concerns
were raised over its influence in our telecommunication infrastructure.
Another Chinese manufacturer, Huawei, was one of the biggest investors
into our current 4G and upcoming 5G networks. But it faces obstacles in
the US.

Despite this, Hyperoptic says it will continue to provide customers with
ZTE routers.


Interesting that our illiterate friend, 7, hasn't popped up to tell us why
Hyperoptic's embarrassing problem is all BT's fault.

  #5  
Old April 25th 18, 03:05 PM posted to uk.telecom.broadband
R. Mark Clayton[_2_]
external usenet poster
 
Posts: 446
Default Hyperoptic left 400,000 British homes open to hacking..

On Wednesday, 25 April 2018 11:28:11 UTC+1, Recliner wrote:
Richard Jones wrote:
https://www.telegraph.co.uk/technolo...s-open-hacking


Most households won't be aware that the WiFi routers - the small boxes
that are sent by broadband providers to get them connected to the web -
are vulnerable to hackers if they are not secured properly.

Someone with remote access to a router could snoop on someone's web
browsing, send malware to devices that are connected to the router and
retrieve users' financial and personal information.

Now, a flaw has been found in routers provided by Hyperoptic, Britain's
largest residential gigabit broadband provider.

Consumer watchdog Which? warned Hyperoptic about the vulnerability in
November.

Hyperoptic said that 400,000 customers are using the affected routers,
but that it had changed password settings on the rest of its customers
using a newer version of the product.

If exploited, attackers could log into the router, allowing them to
change the password, watch what the user was browsing and weaken the
security firewalls that protect other internet-connected devices from
further attacks - all without the victim knowing.

Hyperoptic's routers were manufactured by Chinese tech giant ZTE, which
the National Cyber Security Centre has warned networking companies
against using over national security concerns.

Chinese technology has been in the spotlight this year after concerns
were raised over its influence in our telecommunication infrastructure.
Another Chinese manufacturer, Huawei, was one of the biggest investors
into our current 4G and upcoming 5G networks. But it faces obstacles in
the US.

Despite this, Hyperoptic says it will continue to provide customers with
ZTE routers.


Interesting that our illiterate friend, 7, hasn't popped up to tell us why
Hyperoptic's embarrassing problem is all BT's fault.


Or OFCUM - of course given all his bilious diatribes about them, they will remain as scrupulously impartial as ever...
  #6  
Old April 27th 18, 12:40 AM posted to uk.telecom.broadband
Brian Gregory[_2_]
external usenet poster
 
Posts: 8
Default Hyperoptic left 400,000 British homes open to hacking..

On 25/04/2018 10:35, Andy Burns wrote:
Roderick Stewart wrote:

Scare stories like this appear regularly in the popular press, but
they never explain how it's possible to get access to a home router
from the internet.


In this case it seems all the Hyperoptic/ZTE routers had a fixed admin
password, so a phishing attack was possible, in combination with DNS
rebinding.

I register someorotherdomain.com

I send out spam linking to www.someorotherdomain.com

I arrange my DNS server so that the first time you query
www.someorotherdomain.com you get the IP address of my webserver, and I
send you a page containing a malicious script.

Normally a script retrieved from one domain isn't allowed to connect to
another domain, so I can't touch your router ... but ...

The malicious page then accesses another URL at
www.someorotherdomain.com however in the first step I set an extremely
rapid expiry on the DNS result, so it has already expired from your
cache, and the second time I organise that my DNS server returns
192.168.1.1, my script then connects to your router using the known
credentials and bingo it can alter the router's configuration.

https://www.contextis.com/resources/advisories/hyperoptic-zte-home-routers


That's one reason I run my own DNS server, and set it to discard
upstream RFC1918 DNS responses, also my router doesn't run the
supplier's firmware.


I believe OpenDNS will also never return RFC1918 IPs.

--

Brian Gregory (in England).
  #7  
Old April 27th 18, 10:06 PM posted to uk.telecom.broadband
stephen
external usenet poster
 
Posts: 372
Default Hyperoptic left 400,000 British homes open to hacking..

On Fri, 27 Apr 2018 00:40:39 +0100, Brian Gregory
wrote:

On 25/04/2018 10:35, Andy Burns wrote:
Roderick Stewart wrote:

Scare stories like this appear regularly in the popular press, but
they never explain how it's possible to get access to a home router
from the internet.


In this case it seems all the Hyperoptic/ZTE routers had a fixed admin
password, so a phishing attack was possible, in combination with DNS
rebinding.

I register someorotherdomain.com

I send out spam linking to www.someorotherdomain.com

I arrange my DNS server so that the first time you query
www.someorotherdomain.com you get the IP address of my webserver, and I
send you a page containing a malicious script.

Normally a script retrieved from one domain isn't allowed to connect to
another domain, so I can't touch your router ... but ...

The malicious page then accesses another URL at
www.someorotherdomain.com however in the first step I set an extremely
rapid expiry on the DNS result, so it has already expired from your
cache, and the second time I organise that my DNS server returns
192.168.1.1, my script then connects to your router using the known
credentials and bingo it can alter the router's configuration.

https://www.contextis.com/resources/advisories/hyperoptic-zte-home-routers


That's one reason I run my own DNS server, and set it to discard
upstream RFC1918 DNS responses, also my router doesn't run the
supplier's firmware.


I believe OpenDNS will also never return RFC1918 IPs.


There actually is a standard for which address blocks have special
uses - and which of those should not appear on the Internet.

If they do, it is either an error somewhere (which seems to be the
common case) or malicious.

https://tools.ietf.org/html/rfc8190

--
Stephen
  #8  
Old April 28th 18, 12:33 PM posted to uk.telecom.broadband
Bob Eager[_4_]
external usenet poster
 
Posts: 13
Default Hyperoptic left 400,000 British homes open to hacking..

On Fri, 27 Apr 2018 22:06:36 +0100, Stephen wrote:

On Fri, 27 Apr 2018 00:40:39 +0100, Brian Gregory
wrote:

On 25/04/2018 10:35, Andy Burns wrote:
Roderick Stewart wrote:

Scare stories like this appear regularly in the popular press, but
they never explain how it's possible to get access to a home router
from the internet.

In this case it seems all the Hyperoptic/ZTE routers had a fixed admin
password, so a phishing attack was possible, in combination with DNS
rebinding.

I register someorotherdomain.com

I send out spam linking to www.someorotherdomain.com

I arrange my DNS server so that the first time you query
www.someorotherdomain.com you get the IP address of my webserver, and
I send you a page containing a malicious script.

Normally a script retrieved from one domain isn't allowed to connect
to another domain, so I can't touch your router ... but ...

The malicious page then accesses another URL at
www.someorotherdomain.com however in the first step I set an extremely
rapid expiry on the DNS result, so it has already expired from your
cache, and the second time I organise that my DNS server returns
192.168.1.1, my script then connects to your router using the known
credentials and bingo it can alter the router's configuration.

https://www.contextis.com/resources/...ptic-zte-home-routers


That's one reason I run my own DNS server, and set it to discard
upstream RFC1918 DNS responses, also my router doesn't run the
supplier's firmware.


I believe OpenDNS will also never return RFC1918 IPs.


There actually is a standard for which address blocks have special uses
- and which of those should not appear on the Internet.


Um, yes. It's RFC1918. See above.

  #9  
Old April 29th 18, 09:14 PM posted to uk.telecom.broadband
stephen
external usenet poster
 
Posts: 372
Default Hyperoptic left 400,000 British homes open to hacking..

On 28 Apr 2018 11:33:33 GMT, Bob Eager wrote:

On Fri, 27 Apr 2018 22:06:36 +0100, Stephen wrote:

On Fri, 27 Apr 2018 00:40:39 +0100, Brian Gregory
wrote:

On 25/04/2018 10:35, Andy Burns wrote:
Roderick Stewart wrote:

Scare stories like this appear regularly in the popular press, but
they never explain how it's possible to get access to a home router
from the internet.

In this case it seems all the Hyperoptic/ZTE routers had a fixed admin
password, so a phishing attack was possible, in combination with DNS
rebinding.

I register someorotherdomain.com

I send out spam linking to www.someorotherdomain.com

I arrange my DNS server so that the first time you query
www.someorotherdomain.com you get the IP address of my webserver, and
I send you a page containing a malicious script.

Normally a script retrieved from one domain isn't allowed to connect
to another domain, so I can't touch your router ... but ...

The malicious page then accesses another URL at
www.someorotherdomain.com however in the first step I set an extremely
rapid expiry on the DNS result, so it has already expired from your
cache, and the second time I organise that my DNS server returns
192.168.1.1, my script then connects to your router using the known
credentials and bingo it can alter the router's configuration.

https://www.contextis.com/resources/...ptic-zte-home-routers


That's one reason I run my own DNS server, and set it to discard
upstream RFC1918 DNS responses, also my router doesn't run the
supplier's firmware.


I believe OpenDNS will also never return RFC1918 IPs.


There actually is a standard for which address blocks have special uses
- and which of those should not appear on the Internet.


Um, yes. It's RFC1918. See above.


Actually - no, or not complete.


RFC1918 sets up 3 blocks of addresses for private use - companies
typically use them for internal networks, a SOHO router will use 1 by
default and so on.

So if a DNS address allocation fails the interface will usually
allocate a random address from 169.254.x.x - that block is reserved
for "link local" use, and shouldn't appear on the Internet as a normal
address.

But there are other blocks allocated for "non public" use and various
RFCs after 1918 give a list in place of the others as well.

https://www.iana.org/assignments/ian...registry.xhtml

--
Stephen
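
The resolver-side check discussed across these posts, as an added example that is not part of the original thread: it parses a DNS response and lists the A/AAAA answers that fall in RFC 1918 space or in the other special-use blocks mentioned above (link-local, loopback and so on), so that a resolver can discard the reply. The `BLOCKED` list, the function names and the sample packets are assumptions made for illustration; the packets are constructed, not captured.

```python
import ipaddress
import struct

# Ranges a public name should not resolve to (illustrative, not exhaustive;
# the IANA special-purpose registries are the authoritative list).
BLOCKED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "169.254.0.0/16", "127.0.0.0/8", "0.0.0.0/8",     # link-local, loopback, "this network"
    "::1/128", "fc00::/7", "fe80::/10",               # IPv6 loopback, unique-local, link-local
)]


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:             # root label ends the name
            return off + 1
        off += 1 + length


def blocked_answers(msg):
    """Return answer-section A/AAAA addresses that fall inside BLOCKED."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    off = 12                                    # fixed DNS header length
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    hits = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if (rtype, rdlen) not in ((1, 4), (28, 16)):    # only A and AAAA
            continue
        addr = ipaddress.ip_address(rdata)
        addr = getattr(addr, "ipv4_mapped", None) or addr   # unwrap ::ffff:a.b.c.d
        if any(addr in net for net in BLOCKED):
            hits.append(str(addr))
    return hits


def should_discard(msg):
    """Resolver policy: drop the whole response if any answer is blocked."""
    return bool(blocked_answers(msg))


def build_response(name, ttl, addrs):
    """Build a minimal DNS response. Constructed test input, not captured traffic."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addrs), 0, 0)
    msg += qname + struct.pack("!HH", 1, 1)             # question: type A, class IN
    for text in addrs:
        packed = ipaddress.ip_address(text).packed
        rtype = 1 if len(packed) == 4 else 28
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, ttl, len(packed)) + packed
    return msg


if __name__ == "__main__":
    for addrs in (["203.0.113.10"], ["192.168.1.1"], ["169.254.7.7", "::ffff:10.0.0.1"]):
        pkt = build_response("www.rebind.example", 1, addrs)
        print(addrs, "->", "discard" if should_discard(pkt) else "forward")
```
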
  #10  
Old May 4th 18, 10:41 AM posted to uk.telecom.broadband
7[_2_]
external usenet poster
 
Posts: 464
Default Hyperoptic left 400,000 British homes open to hacking..

R. Mark Clayton wrote:

On Wednesday, 25 April 2018 11:28:11 UTC+1, Recliner wrote:
Richard Jones wrote:
https://www.telegraph.co.uk/technolo...s-open-hacking


Most households won't be aware that the WiFi routers - the small boxes
that are sent by broadband providers to get them connected to the web -
are vulnerable to hackers if they are not secured properly.

Someone with remote access to a router could snoop on someone's web
browsing, send malware to devices that are connected to the router and
retrieve users' financial and personal information.

Now, a flaw has been found in routers provided by Hyperoptic, Britain's
largest residential gigabit broadband provider.

Consumer watchdog Which? warned Hyperoptic about the vulnerability in
November.

Hyperoptic said that 400,000 customers are using the affected routers,
but that it had changed password settings on the rest of its customers
using a newer version of the product.

If exploited, attackers could log into the router, allowing them to
change the password, watch what the user was browsing and weaken the
security firewalls that protect other internet-connected devices from
further attacks - all without the victim knowing.

Hyperoptic's routers were manufactured by Chinese tech giant ZTE, which
the National Cyber Security Centre has warned networking companies
against using over national security concerns.

Chinese technology has been in the spotlight this year after concerns
were raised over its influence in our telecommunication infrastructure.
Another Chinese manufacturer, Huawei, was one of the biggest investors
into our current 4G and upcoming 5G networks. But it faces obstacles in
the US.

Despite this, Hyperoptic says it will continue to provide customers
with ZTE routers.


Interesting that our illiterate friend, 7, hasn't popped up to tell us
why Hyperoptic's embarrassing problem is all BT's fault.


Or OFCUM - of course given all his bilious diatribes about them, they will
remain as scrupulously impartial as ever...


Yes they shall shalleth they not troll?

 





All times are GMT +1.

