Security issues for routers
In a letter addressed to all its subscribers, the Be Broadband Blog has said that they have been informed of a possible security problem which could target the BE Box. The crux of the problem, according to the letter, was that it would enable someone else to change the settings on your router.
In an effort to get everyone, including people who didn’t read this letter, protected, they decided to update the password automatically for all its subscribers. The password will be unique to each subscriber and will be the individual serial number which is found at the bottom of the BE Box. A guide is available for changing the password subsequently at their website.
Be wanted to emphasise that the wireless key was not being modified, but it was the administrator web interface’s password that was being changed.
The script was automatically run on the 7th of September. For subscribers who didn’t want Be to do this, they were allowed to stop it by downloading and running the tool from their website.
For their more tech – savvy customers, a detailed explanation was given with regard to the problem. They said that the BE Box was under threat from an XSS which was working in tandem with a CRSF and enabled a remote attacker to carry out actions on the Web UI by using a JavaScript without the knowledge of the subscriber.
The short term would see the halting of this occurrence by setting the password as the serial number of the customer’s BE Box.
After this had been done, if any unauthorized person attempted to hack your router, you will be asked to enter your Admin password. Do not enter it or else the attack will become successful. Do not enter your password when it randomly asks for it.
Be said that they would be working with Thomson in the long run in order to make the firmware’s resistance to these attacks better.
