By Sharla SikesHome DSL gateways may have a flaw that leaves users’ personal information at risk, a group of “ethical hackers” called GNUCitizens claims. The BT Home Hub firmware version 6.2.6B with BT’S Broadband Talk VoIP Service is the gateway that is vulnerable, the group says.

“We can tell your Home Hub to start a VOIP connection with any telephone number on the planet,” said Adrian Pastor in a video posted on the group’s blog.

During security attacks, a user might be lured to a web site hosting malicious JavaScript; an example would be the frequently realistic bank e-mail scams that inform customers they must log in and update personal information. When a user clicks on the link, the victim’s phone rings, and the gateway initiates a call to another number—while the victim thinks his phone is ringing, his VoIP service is actually dialing out from the home gateway, according to researcher Petko Petkov.

The group says that leaves the DSL user open to a couple of hacks: The caller could persuade the victim to share information such as bank account numbers, or the hacker could use the victim’s phone service to make calls at the victim’s expense.

BT claims the attacks are not an immediate danger to its customers and no customers have reported such an attack, according to a spokesman for the company. BT is currently working on a patch for the Home Hub anyway—better to be safe than sorry, it seems. BT went on to call the public exposure of its Home Hub “irresponsible,” reviving the argument between hackers, security experts and software manufacturers.

Related Content

Subscribe to the post comments feeds or Leave a trackback