Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[burakkucat]

lol it's all good in the modem - but It is also in the router too... - now disable that one!

Disconnect the Beattie supplier router, give it a gentle tap with a 14 lb sledge hammer, sweep up the bits, drop them into the bin and connect your own router/switch/WAP/DHCP server, etc. Some people ask the most obvious sort of questions! 

[SecTSys]

 

You see i have the opposite problem to most people here - My BT HH3.0b works with my Huewei Modem - and i get good speeds,  - which is completely unlike BT i must say! (might be something to do with my track record of harrassing them immediately upon the discovery of a problem)



so all i really need is to remove the BTagent from my router and bingo - i have a damned fine connection without the appearance of what could be "Spyware"

I have tried other routers and found that though they work with my connection - none seem to ever be able to pick up the speeds this one does... despite testing routers for about a month to two months at a time. these results are pretty constant too, i am always about 2 Mb off my total download speed 5 at peek times.

So my interest in getting the HH3.0b unlocked is purely in the event that i switch to another provider. - which with BT's Prices could happen sooner rather than later.

[Bald_Eagle1]

I have to ask. What actual harm or potential harm and/or risk is caused by leaving BTAgent & TR-069 as factory set in the HG612 or any modem/router, locked or unlocked?

I have simply unlocked my HG612, leaving all its other settings as is (apart from enabling its internal logging).

Should I be genuinely concerned about this?

[broadstairs]

I have to ask. What actual harm or potential harm and/or risk is caused by leaving BTAgent & TR-069 as factory set in the HG612 or any modem/router, locked or unlocked?

I have simply unlocked my HG612, leaving all its other settings as is (apart from enabling its internal logging).

Should I be genuinely concerned about this?

I think the point is that no one knows..... you pays your money and makes your choice..... I for one think it is a step too far, not because I believe that BT are doing anything wrong necessarily but because any code like this which is a backdoor to BT 'could' become a backdoor to someone who is totally untrustworthy.

Stuart

[zcutlip]

just reading back through Zachs Twitter page - looking at all the info on their regarding the BT HH3.0b and the work he was doing i found a few obvious posts but one very nice looking pic that wasn't posted here before there may be other posts in reference to the BT HH3.0b but i cannot determine them myself or i believe i know they are but would need clarification

You missed this one. ;-)
https://twitter.com/zcutlip/status/244054971740479488

[smucat]

Disconnect the Beattie supplier router, give it a gentle tap with a 14 lb sledge hammer, sweep up the bits, drop them into the bin and connect your own router/switch/WAP/DHCP server, etc.

Loving b*cat's sense of humour here, but do remember to then take the bin to your local civic amenties site (tip) to dispose of as WEEE waste. http://www.environment-agency.gov.uk/business/topics/waste/32096.aspx

[btsimonh]

For anyone who wants to have a crack, the below post describes enough to get going on trying to get a prompt on the hhv3b.
I've not managed it yet, but am giving up for a while, so if anyone does make progress from here, let us know..

http://www.psidoc.com/showthread.php/823-Bt-home-hub-3-type-B?p=5024#post5024

[zcutlip]

I just wanted to update everyone on what's been going on.  We've officially notified BT of the vulnerability, and I've been working with their security people on the issue.  I have to say, BT has been super cool to work with.  They're a very professional group.  My understanding is that an updated firmware that addresses the issue will be forthcoming, but I'm not clear on when.  For now, it is our intention to release a proof-of-concept exploit in 30 days.  I'll try to post an update if that timeline changes.

Clearly, I can't share any technical details on the vulnerability, but I think it's okay to summarize the risk to users for those who are worried.

Based on my analysis, this vulnerability doesn't appear to pose a risk to users from the Internet--it is only exposed on the LAN side.   As such, ensure that your wireless is secured with WPA2 so that only authorized users can connect.  Also ensure no unauthorized users have access to your wired ethernet.  Of course this is generally good advice that should be practiced even in the absence of known vulnerabilities.

Zach

[btsimonh]

I think it's okay to summarize the risk to users for those who are worried.

Thanks Zach, we will await your next move.  I just hope it will work on my partially dead router; may be the only way to resurrect it .  I won't be able test with a live router as BT have replaced it with a V3A. As long as the exploit is not on the web interface, I may be be able to work with the V3B I have.

[kitz]

Thanks Zach for the update.

>> I have to say, BT has been super cool to work with.

I think I mentioned in an earlier post that they are amicable person-to-person.  They also seem to have a lot of weight to be able to get the likes of Broadcom etc etc to jump PDQ.

>>  addresses the issue will be forthcoming, but I'm not clear on when.

From my past experience, once the issue had been identified it took about 1-2 weeks for the new firmware to be released  for testing, then another couple of weeks until it was rolled to the general public.  I suppose it depends on how serious the issue is as to how urgent the roll out will be.

I also hope that they dont try to take this opportunity when correcting an exploit, to plug any holes for the advances made so far in 'friendly hacking' of the router. :unsure:

[kitz]

  Hmm . . . b*cat senses that a degree of misunderstanding has been shown in the latter posts to this thread.

Oops sorry,  I was musing and rambling about TR069, but I think my post went on to say that I suspected the agent could be something to do with BT Fon ? 

I suppose its also not impossible for BT to write their own 'equivalent' of TR069 anyhow using SNMP.

[dmcdonnell]

Clearly, I can't share any technical details on the vulnerability, but I think it's okay to summarize the risk to users for those who are worried.

Seems to me that every BT Hub version to date has been hacked and the technical vulnerabilities published without the BT universe collapsing into a singularity. Publishing the details will hasten the day when users can:

1. Root the device and use it with another ISP.
2. Install an alternative firmware such as OpenWRT, DD-WRT, Tomato.

Just my 2c.

[zcutlip]

Seems to me that every BT Hub version to date has been hacked and the technical vulnerabilities published without the BT universe collapsing into a singularity.

Agreed.  And I sort of thought that's how this one would play out as well.  However, much to our surprise, things went differently this time.  I don't know if BT reached out to researchers on previous versions of the BT Hub, or if they even had an opportunity to do so before the exploits were released, but they did reach out to us.  As such there are legal ramifications that we have to consider.  And this is not to mention our obligation to users who would be at risk and yet have no knowledge or interest in unlocking their BT devices.

At Tactical Network Solutions, the reaction we generally have gotten from vendors is silence and apathy when we've reported vulnerabilities.  So when a vendor goes out of their way to work with us in good faith, we can't ignore that in good conscience.  To be fair, BT asked for a much longer window than the current 30 day timeline.  I think this represents a good compromise.  It gives BT a fair chance to mitigate the vulnerability while getting this research into the hands of the community ASAP.

Users who hope to eventually unlock their BT Hubs should disconnect them if it is possible to use some other gateway device in the mean time.  This will ensure those devices don't receive an undesired update.

Zach

[btsimonh]

Users who hope to eventually unlock their BT Hubs should disconnect them if it is possible to use some other gateway device in the mean time.  This will ensure those devices don't receive an undesired update.

or we need an 'update' which is pre-fix which works through the firmware update page on the router...  So far as I have heard, no-one has ever seen a firmware update file for this particular unit; although if someone works out what to ask for, it should be there on pb-motive....

[zcutlip]

So far as I have heard, no-one has ever seen a firmware update file for this particular unit; although if someone works out what to ask for, it should be there on pb-motive....

once people have a root shell on the hh3b, research into obtaining a firmware file should proceed fairly rapidly.