
ZTE router flaw put 400,000 Hyperoptic customers at hacking risk
Vulnerability lurked in the hardcode of the H298N router

ROUTERS FROM FIBRE PROVIDER HYPEROPTIC contain a flaw that left up to 400,000 British users open to potential hacking.
The H298N routers Hyperoptic provides to its UK users come courtesy of Chinese electronics firm ZTE.
But security firm Context IS discovered that the devices contained "the combination of a hardcoded root account and a DNS rebinding vulnerability", which could have allowed an "internet-based attacker to compromise all customer routers of UK ISP Hyperoptic via a malicious webpage".
Nasty stuff, particularly as there's no need for a hacker to be on the same network as a targeted router.
Once compromised, a hacker could carry out all manner of nefarious activity, such as sucking up the network's password, snooping on data, or slaving the router into a high-bandwidth botnet that could be used to conduct distributed denial of service attacks.
Working with its partner Which?, Context IS alerted Hyperoptic to the flaw. The broadband provider then jumped into action to plug the vulnerability, and so far there are no murmurs of the security hole being exploited.
"As soon as we were made aware of the concern, we immediately changed the passwords to safeguard these devices, and we have been working together with our supplier to implement new security controls so that our customers can be confident the concern has now been resolved," said Hyperoptic's chief customer officer Steve Holford.
It looks like the security hole can be firmly laid at the doorstep of ZTE. The Chinese company has come under scrutiny from the UK's National Cyber Security Centre (NCSC), which warned telecoms companies operating in Britain to avoid using ZTE tech.
According to Which? the NCSC's warning wasn't related to the router security woes faced by Hyperoptic, though we suspect the broadband provider will think twice about using ZTE routers in the future.
"All ISPs should take this seriously, and invest in thoroughly testing their consumer devices and their infrastructure if they are not already doing so," highlighted Daniel Cater, the security researcher at Context IS, the chap who discovered the router flaw. Sounds like a sensible approach to us, rather than immediately blaming Chinese tech. µ