Hello,
It's been a while since I last posted, so I wanted to update everyone who is following this thread with what's been going on recently.
I should introduce myself more formally. My name is Zachary Cutlip. I work for a boutique computer security firm in the US called Tactical Network Solutions[1]. We specialize in vulnerability research and advanced exploitation targeting embedded devices such as WiFi routers and other network gear. If you've heard of the Reaver WPS exploitation tool[2], that's us. TNS has been super cool about allowing me to pursue this HomeHub 3.0 research as a sort of freelance project.
A couple of weeks ago I had a significant breakthrough by being able to crash one of the applications on the HH3b in a way that I believe to be exploitable. Much to my surprise, this caught the attention of British Telecom, whose head of security contacted me directly at my work email address. This is surprising because at TNS we've never before been contacted by a vendor regarding our research on their products.
In contacting us, BT is asking for priority access to my research (specifically the application crash I'm able to produce) prior to our releasing details publicly. I think this reflects well on BT; to be frank, many vendors don't have much regard for their customers' security. Clearly BT is apart from the norm in this way.
Currently we are trying to work out an arrangement with BT that will be equitable for them and for us. We hope to provide BT with priority access to our research, and then to release public details some time later. We think this seems fair.
For now, I won't be posting much here, if at all. It would be inappropriate to disclose details publicly, before we've figured things out with BT.
In the meantime, be sure to follow us on Twitter (@tacnetsol, @zcutlip) and check out our website.
Happy hacking,
Zach
[1] http://www.tacnetsol.com
[2] http://hakshop.myshopify.com/products/reaver-pro