
Author Topic: TG585v7 routers and TG585n routers security flaw  (Read 19252 times)

jeffbb

TG585v7 routers and TG585n routers security flaw
« on: August 31, 2009, 02:14:43 PM »

Hi
Has anyone heard of a serious security flaw with these routers? I came across the following link

http://www.jibble.org/o2-broadband-fail/

a right ding dong going on

quote: It affects all TG585v7 routers and TG585n routers. O2, Be*, or Generic.

from http://forum.o2.co.uk/viewtopic.php?t=26192

Regards Jeff
zen user

roseway

Re: TG585v7 routers and TG585n routers security flaw
« Reply #1 on: August 31, 2009, 02:27:25 PM »

If it's true then it sounds serious, but without hard information and/or independent confirmation of the vulnerability it's hard to reach any conclusion. If I were using one of these I would certainly swap to something else until the situation is clarified.
  Eric

orainsear

Re: TG585v7 routers and TG585n routers security flaw
« Reply #2 on: August 31, 2009, 04:03:02 PM »

I'm currently using a 585v7 but in modem only bridge mode.  If this exploit is genuine I'm guessing it will have something to do with a HTML request to turn on the remote management and possibly add a new admin account or add another password to the current one.

kitz

Re: TG585v7 routers and TG585n routers security flaw
« Reply #3 on: August 31, 2009, 05:47:35 PM »

Little information is given about what the security flaw is.

At a guess I would imagine it will be similar to the flaw on the Be routers where the WAN side was left open for Be Techs to be able to remotely access the router.
« Last Edit: August 31, 2009, 06:14:16 PM by kitz »
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

jeffbb

Re: TG585v7 routers and TG585n routers security flaw
« Reply #4 on: August 31, 2009, 06:01:24 PM »

Hi
quote: similar to the flaw on the Be routers (http://blogs.securiteam.com/index.php/archives/826) where the WAN side was left open for Be Techs to be able to remotely access the router.

way above my head  ??? 

As ZEN are using same routers I have posted on their site to see their reaction.
Regards Jeff

Oranged

Re: TG585v7 routers and TG585n routers security flaw
« Reply #5 on: August 31, 2009, 06:32:03 PM »

This "story" crops up regularly.

Google it and you'll find it started back in 2007 and has been reported several times in The Register.

waltergmw

Re: TG585v7 routers and TG585n routers security flaw
« Reply #6 on: September 02, 2009, 04:25:09 PM »

Zen have confirmed this exploit for all suppliers using this modem and are urgently working with Thomson on a fix. In the meantime they recommend changing the password.
Kind regards,
Walter

jeffbb

Re: TG585v7 routers and TG585n routers security flaw
« Reply #7 on: September 02, 2009, 06:03:25 PM »

Hi
quote: Zen have confirmed this exploit for all suppliers using this modem and are urgently working with Thomson on a fix

O2 quote: We provide you with a modem free of charge which is encrypted and secure to a level we find acceptable.

That is the difference  :)

Regards Jeff


kitz

Re: TG585v7 routers and TG585n routers security flaw
« Reply #8 on: September 03, 2009, 12:20:35 PM »

Seems like both Zen and Be are taking it seriously.
...  and that Be has managed to escalate it to o2

Quote
Zen Internet has got in touch to see if their routers are affected. They seem quite proactive/receptive and will be taking the issue to Thomson as a result of their findings.

Possibly some more exciting news: I've successfully demonstrated the problem to BE (the smaller ADSL company that O2 bought a few years ago) and they have escalated the problem back to O2 on my behalf. Yay! BE uses similar routers to O2 Broadband, although only some of them are vulnerable. BE offers a staffed IRC support channel, which makes it incredibly quick and easy to report problems interactively.

Contact has been made! Chris Buggie (senior tech support manager at O2 Broadband) phoned me to apologise for the way this has been handled so far, and then to discuss the problem in detail. I explained the problem and talked him through some proofs of concept which were successfully demonstrated on his own O2 router. O2 is going to work with Thomson to introduce a fix. We also discussed ways to address the problem in the meantime. O2 Broadband customers can mitigate the risk of attack by enabling authentication on their router's HTTP configuration interface (by default, the device lets you browse directly to http://192.168.1.254 without requiring a password).

One other alarming thing that has become apparent during the course of the day is that some other ISPs are affected by the same issue. This could mean millions of broadband users in the UK are vulnerable.

Still no exact details of the flaw... but judging from "mitigate the risk of attack by enabling authentication on their router"... sounds like a default password issue?


If this is the case.. then it could well be that the routers are also open on the WAN side.. allowing someone to access the router from the outside.

PS. - Edited to add

The default password for these routers is left blank.. so if the owner hasn't changed the passy.. then this seems like it could be the most likely cause and allowing someone to say remotely access the router externally.

« Last Edit: September 03, 2009, 12:27:13 PM by kitz »

JohnAtEclipse

Re: TG585v7 routers and TG585n routers security flaw
« Reply #9 on: September 04, 2009, 02:03:31 PM »

Thanks for pointing this out. We're currently checking with Thomson to verify whether the TG585v7's that we provide are vulnerable to this or not.
eclipse internet - now 15 years old!

w. www.eclipse.net.uk
e. community@eclipse.net.uk
t. twitter.com/eclipseinternet

JohnAtEclipse

Re: TG585v7 routers and TG585n routers security flaw
« Reply #10 on: September 04, 2009, 04:13:21 PM »

Good news. The TG585's that we provide are not affected by this issue because we ship them with pre-specified usernames and passwords for router access. I've had confirmation back from Thomson to this effect and tested it here myself just to be on the safe side.  8)

orainsear

Re: TG585v7 routers and TG585n routers security flaw
« Reply #11 on: September 04, 2009, 04:40:01 PM »

Hmmm well the current beta firmware from BE for the 585v7 changes the password from blank to that of the router serial number so I presume that this will be rolled out as standard before long.

Edit: BE have distributed an email suggesting that you follow the instructions on the following Usergroup page to secure the BeBox if you haven't already done so.
« Last Edit: September 04, 2009, 07:54:29 PM by orainsear »

kitz

Re: TG585v7 routers and TG585n routers security flaw
« Reply #12 on: September 04, 2009, 07:57:14 PM »

>> because we ship them with pre-specified usernames and passwords for router access.

Thanks for that update John.

>> the current beta firmware from BE for the 585v7 changes the password from blank to that of the router serial number so I presume that this will be rolled out as standard before long.

Could well be. - wouldn't be a bad thing.
More and more ISPs seem to be using TR-069 to pre-configure their routers so this may well have an impact too.
However there is I suppose always a danger if a router is open for remote management and a SuperUser/ Tech Support passy gets leaked.


kitz

Re: TG585v7 routers and TG585n routers security flaw
« Reply #13 on: September 04, 2009, 08:01:06 PM »

Orainsear

Just seen your edit - judging from that information it certainly looks like it was the open port issue for remote management..  and the fact that the passy is set by default to blank.


I'm not too keen though on the advice to disable the ping responder.  :mad:

orainsear

Re: TG585v7 routers and TG585n routers security flaw
« Reply #14 on: September 04, 2009, 08:45:04 PM »

>>>I'm not too keen though on the advice to disable the ping responder

Cue *internet black hole smiley*

The wording of the email suggests that it's a bit of a quick fix and that they are looking towards a longer term solution from Thomson.