O2 Broadband Subscribers’ Online Security at Stake

It was announced in the UK on September 7, 2009 that O2, a UK-based Internet Service Provider (ISP) offering home broadband, has come up with a solution to the problems affecting its home broadband routers.

The fix was announced after an alert posted by O2 in the first week of September 2009 warning that subscribers' routers were exposed to cross-site request forgery (CSRF) attacks.

Paul Mutton, a security researcher and O2 customer who first detected the flaw, said that CSRF permits remote attackers to hijack the router almost completely. They can steal the wireless encryption key in no time, even when the advanced WPA2 setting is in use, and can forward external ports to internal IP addresses, as reported by The Register in the first week of September 2009.

The port forwarding lets a hacker or a malware distributor break into a user's home network by reaching a PC, set-top box, or any other device that would otherwise be safeguarded by the router's firewall.

Hackers can also undertake other activities, such as changing the domain name system (DNS) server to one that secretly redirects users to fake websites pretending to be authentic search engines, e-commerce, or bank sites. In other words, attackers can direct users' systems to malicious sites, which ultimately results in the theft of customers' personal credentials.

Thanking Paul Mutton, an O2 spokesperson stated that O2 has been informed about a potential security issue with its Wireless Box routers, that it is taking the issue very seriously, and that the router manufacturer Thomson is being investigated in this regard, as per the news published by The Register in the first week of September 2009.

As of now, the service provider says it has applied a remote update to its Wireless Boxes that sets the password to the serial number of the box. The update alleviates the security issue to some extent, but it does not completely eradicate the risk.
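CSRF rides on the credentials the victim's browser already holds, so a stronger password narrows the exposure without closing it; the admin interface itself has to check where a state-changing request came from. The sketch below is an added example, not O2's or Thomson's code: the admin origin, the field names and the token scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import urlsplit

ADMIN_ORIGIN = "http://192.168.1.254"   # assumption: where the admin UI is served
STATE_CHANGING = {"POST", "PUT", "DELETE"}
SERVER_KEY = secrets.token_bytes(32)    # per-boot secret, never sent to the client


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one admin session; embedded in every settings form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """True only if Origin (or, failing that, Referer) is the admin UI itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False                    # fail closed: no provenance, no change
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ADMIN_ORIGIN


def allow_request(method: str, headers: dict, form: dict,
                  session_id: Optional[str]) -> bool:
    """Decide whether a request to a settings endpoint may proceed."""
    if session_id is None:
        return False                    # not logged in
    if method not in STATE_CHANGING:
        return True                     # reads only; handlers must not change state on GET
    token = form.get("csrf_token", "").encode()
    expected = issue_csrf_token(session_id).encode()
    return same_origin(headers) and hmac.compare_digest(token, expected)


# Constructed samples: both arrive with a valid login session, but only the
# first was submitted from the router's own settings page.
SESSION = "constructed-session-id"
FROM_ADMIN_PAGE = ("POST", {"Origin": ADMIN_ORIGIN},
                   {"dns1": "192.0.2.53", "csrf_token": issue_csrf_token(SESSION)})
FROM_OTHER_SITE = ("POST", {"Origin": "http://other-site.example"},
                   {"dns1": "203.0.113.9"})

if __name__ == "__main__":
    print(allow_request(*FROM_ADMIN_PAGE, SESSION))   # True
    print(allow_request(*FROM_OTHER_SITE, SESSION))   # False
```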

O2 concluded by saying that the bug is in fact grave and needs to be taken seriously by subscribers. It urged customers to change the default password and update their security if they possess an O2-supplied ADSL (Asymmetrical Digital Subscriber Line).


» SPAMfighter News - 10/1/2009
