Flaw compromises the security of O2 routers
The Guardian reports that anyone having a router provided by O2 might find that they are vulnerable to remote attacks, according to an O2 customer, who has repeatedly tried to get O2 to take notice of this problem.
The details about this are fairly complicated and depends on ‘cross – site request forgery’, something most of us (including myself) may have never heard of. This is a very serious issue and you should be worried. If in possession of an O2 router, you should reset the default password and ensure that O2 hasn’t changed it back, according to the O2 customer, Andrew Brown.
Nearly 457,000 of O2’s customers could be affected by this as nearly all of O2’s customers would be using the Wireless Box II or III, the only routers being offered by O2. Zen Broadband as well as Be responded to check whether the routers they provide are also affected by this problem.
According to Andrew Brown, O2 has supplied a remote update to the Wireless Boxes whereby their password is set to the serial number of the box. Though this will reduce the problem to a particular extent, it won’t get rid of it. The software release is still vulnerable to this problem.
Be Broadband had sent out a letter to its customers with regard to this, including instructions for the tech – savvies, but the penultimate paragraph should be taken note of. It says that a remote attach might lead to prompts for your router password. You should never comply with this request unless you have initiated the process. Therefore, beware of this and be aware. It is great to see that Be is being precautionary about this. O2 seem to have been doing this very thing – it is because of this that people find their admin passwords being changed suddenly.
