Emergency fix in the works for EE router flaw

Summary:Telecoms firm EE issues an emergency fix for a security flaw in the router it issues to its home broadband customers.

Telecoms firm EE is working on an emergency fix for a security flaw in the routers it issues to customers.

The Bright Box router provided to customers who subscribe to EE's home broadband service leaks access to sensitive customer information, including the password of the EE account holder, according to security researcher Scott Helme.

Helme detailed the flaw in a blog posting earlier this month.

"Being able to grab details like the WPA keys or the hash of my admin passwords was bad enough, but exposing my ISP user credentials represents a huge risk. This is made even worse by the fact it's possible to access all of the data remotely," said Helme in the post.

"Even if the device is only used in the home or small office, this represents a total compromise of the device's security and an attacker could wreak havoc with your account causing huge inconvenience and even financial losses."

An EE spokesman said the company is working on a fix that will address the issues raised by Helme.

"We treat all security matters seriously, and while no personal data will be compromised by the device itself, we would like to reassure customers that we are working on a service update which we plan to issue shortly, and which will remotely and automatically update customers’ Brightboxes with enhanced security protection," he said.

Topics: Networking, EU, Hardware, United Kingdom

About

Nick Heath is chief reporter for TechRepublic UK. He writes about the technology that IT-decision makers need to know about, and the latest happenings in the European tech scene.

Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.