Emergency fix in the works for EE router flaw

Emergency fix in the works for EE router flaw

Summary: Telecoms firm EE issues an emergency fix for a security flaw in the router it issues to its home broadband customers.

SHARE:

Telecoms firm EE is working on an emergency fix for a security flaw in the routers it issues to customers.

The Bright Box router provided to customers who subscribe to EE's home broadband service leaks access to sensitive customer information, including the password of the EE account holder, according to security researcher Scott Helme.

Helme detailed the flaw in a blog posting earlier this month.

"Being able to grab details like the WPA keys or the hash of my admin passwords was bad enough, but exposing my ISP user credentials represents a huge risk. This is made even worse by the fact it's possible to access all of the data remotely," said Helme in the post.

"Even if the device is only used in the home or small office, this represents a total compromise of the device's security and an attacker could wreak havoc with your account causing huge inconvenience and even financial losses."

An EE spokesman said the company is working on a fix that will address the issues raised by Helme.

"We treat all security matters seriously, and while no personal data will be compromised by the device itself, we would like to reassure customers that we are working on a service update which we plan to issue shortly, and which will remotely and automatically update customers’ Brightboxes with enhanced security protection," he said.

Topics: Networking, Hardware, EU, United Kingdom

About

Nick Heath is chief reporter for TechRepublic UK. He writes about the technology that IT-decision makers need to know about, and the latest happenings in the European tech scene.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Dumb response!

    "...while no personal data will be compromised by the device itself..." is a lie unless "by just the device" is meant, which is as daft as saying that a gun won't shoot you without external assistance!
    allis0
    • Be careful.

      Perice Morgan, will call you an idiot. He claims "All guns are evil, and should be banned". Funny thing, is his home country, doesn't want his Socialist lie pandering behind back.
      I hate trolls also
  • This isn't news it was hacked two years ago...

    http://www.the-scream.co.uk/forums/t31206.html?
    SideShowBobBob