  #1  
Old 04-February-2010, 22:57
PsiDOC
Guest
 
Posts: n/a
Default BT Adds Backdoor access to Latest Home Hub firmware.

BT has added an open port and firewall rule that allows anyone with the correct RSA keyfile full access to the BT HomeHub settings and possibly more.

Affected Hardware : BT Home Hub Version 2.0a
Affected Firmware : 8.1.H.J

During my recent exploits unlocking the latest Home Hub 2.0A firmware - Version 8.1.H.J - I have some very worrying issues.

This line has been added to the firewall:
Code:
rule add chain=forward_custom name=BTAgent srcintf=wan dstintf=lan dstip=192.168.1.253 serv=BTAgent_dst state=enabled action=accept
What this line says is to accept all traffic from a port tagged "BTAgent_dst" and pass it from the WAN (internet) to network IP address 192.168.1.253, which is the secondary address of the router.
The port tag "BTAgent_dst" can be found in the expr.def file and is:
Code:
add name=BTAgent_dst type=serv proto=udp dstport=snmp
The UDP SNMP port is port 162.

Was this left there by accident? I think not. Please read on.

Also in the firmware some extra files and directories have been added. These are a BTAgent executable, its start script (btagentstart.sh), libtransport, libplugins, a secure key file for authentication and a few more bits and bobs. I am no Linux expert so I have uploaded them here so that those who know more than me can have a look and comment. I have however removed the RSA keyfile for security reasons.
What does worry me about this is the fact that the btagentstart.sh contains a reference to a read/write directory. What is that needed for? To upload plugins?

To summarise:
BT have put a backdoor into firmware 8.1.H.J. This port is permanently open and cannot be closed by the router user.
BT are running extra files on the router called BTAgent which obviously receives traffic from the backdoor above.
BT can access any router with this firmware version at any time through the above!
No one was any the wiser about this as BT kept it hidden from view.

I have queried this backdoor with BT on their community forum.
They admitted to it being there on the 1st post of this page and yet deny its existence on the last post at the bottom. Then they locked the thread soon after. That being very suspect in itself.

Last edited by Memfis; 05-February-2010 at 01:35. Reason: Removed port number
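An added example (not part of the original post, and not BT's or the firmware vendor's code): a small Python audit that parses rule lines and expr.def entries in the syntax quoted above and lists every enabled rule that accepts traffic arriving on the WAN interface, with its service expression resolved. Only the BTAgent rule and the BTAgent_dst expression come from the post; the other sample lines, the function names, and the choice to skip rules without `state=enabled` are assumptions.

```python
import shlex

# Lines named BTAgent / BTAgent_dst are quoted from the post; the other
# rules and the telnet_dst expression are constructed sample input.
FIREWALL_CFG = """\
rule add chain=forward_custom name=BTAgent srcintf=wan dstintf=lan dstip=192.168.1.253 serv=BTAgent_dst state=enabled action=accept
rule add chain=forward_custom name=OldMgmt srcintf=wan dstintf=lan serv=telnet_dst state=disabled action=accept
rule add chain=forward_custom name=LanOut srcintf=lan dstintf=wan state=enabled action=accept
rule add chain=forward_custom name=Mystery srcintf=wan dstintf=lan serv=unknown_dst state=enabled action=accept
"""
EXPR_DEF = """\
add name=BTAgent_dst type=serv proto=udp dstport=snmp
add name=telnet_dst type=serv proto=tcp dstport=23
"""

def parse_line(line):
    """Split one CLI line into (command words, {key: value})."""
    tokens = shlex.split(line)
    words = [t for t in tokens if "=" not in t]
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    return words, fields

def load_services(expr_text):
    """Index service expressions (type=serv) by their name."""
    services = {}
    for line in expr_text.splitlines():
        words, f = parse_line(line)
        if words == ["add"] and f.get("type") == "serv" and "name" in f:
            services[f["name"]] = f
    return services

def wan_accept_rules(fw_text, expr_text):
    """Return enabled rules that accept traffic entering on the WAN side."""
    services = load_services(expr_text)
    findings = []
    for line in fw_text.splitlines():
        words, r = parse_line(line)
        wanted = ("enabled", "accept", "wan")
        if words != ["rule", "add"] or (r.get("state"), r.get("action"), r.get("srcintf")) != wanted:
            continue
        serv = r.get("serv")
        # No serv= means any service; an undefined name is reported as unresolved.
        svc = services.get(serv, {}) if serv else {"proto": "any", "dstport": "any"}
        findings.append({"rule": r.get("name"), "dstip": r.get("dstip", "any"),
                         "proto": svc.get("proto", "unresolved"),
                         "dstport": svc.get("dstport", "unresolved")})
    return findings

if __name__ == "__main__":
    print(*wan_accept_rules(FIREWALL_CFG, EXPR_DEF), sep="\n")
```

The destination port is reported as the symbolic name written in expr.def rather than mapped to a number, since the mapping is done by the firmware.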
  #2  
Old 05-February-2010, 13:35
Austin_KW
Guest
 
Posts: n/a
Default Re: BT Adds Backdoor access to Latest Home Hub firmware.

BT has the ability to remotely manage some of its business products.
Sounds like they have added similar functions to the homehub. And obviously SNMP was how we managed (monitored and configured) all network devices before we had nice web interfaces.

You may be concerned that BT could manage or that some third party could gain access to your device/network. BT can already see what's on the WAN side (Phorm trial) but you could be concerned that they have an agent sitting on your LAN boundary.
  #3  
Old 05-February-2010, 15:24
silver
 
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177
Default Re: BT Adds Backdoor access to Latest Home Hub firmware.

Also, unless I missed it in the text, having the RSA key file off of the router does not have to mean you can use that key file to gain entry to other routers.

I do not know enough about the system they are using but common sense would suggest they would be doing something to lock it down to just them (i.e. regardless of if the RSA key file was made public) - I could be wrong but that is my current feeling.
  #4  
Old 05-February-2010, 16:12
Austin_KW
Guest
 
Posts: n/a
Default Re: BT Adds Backdoor access to Latest Home Hub firmware.

I would assume it is the public key of a client authentication. The private part is kept (secret) by BT to prove who they are and then only they can connect?

Similar to server SSL where everyone can know the server's public key, but only the server can encode using the server key, so the server authenticates itself.
At least that is how these things are supposed to work. Releasing a public key has no security problems, the secret is the private key.
  #5  
Old 27-March-2011, 18:11
slowgrind
Guest
 
Posts: n/a
Default Re: BT Adds Backdoor access to Latest Home Hub firmware.

Quote:
Originally Posted by Austin_KW
I would assume it is the public key of a client authentication. The private part is kept (secret) by BT to prove who they are and then only they can connect?

Similar to server SSL where everyone can know the server's public key, but only the server can encode using the server key, so the server authenticates itself.
At least that is how these things are supposed to work. Releasing a public key has no security problems, the secret is the private key.

So is homehub 2.0 type A 8.1.H.J firmware hackable via software or not?
  #6  
Old 14-April-2011, 13:18
Bob re Ofcom
Guest
 
Posts: n/a
Default Re: BT Adds Backdoor access to Latest Home Hub firmware.

Hi,
Does anyone have any information regarding Ofcom and PPP's failure to regulate the Premium Rate Phone Industry? I am the person who blew the whistle from within the ITN Building that led to the fraud squad raid. There had been more than one of us reporting the fraud to Ofcom and PPP during the previous year. Did anyone ever complain about BGTV to the regulators? Has anyone written to the Parliamentary Ombudsman? I need this information re an unresolved 200 million fraud on the public by the regulators. My evidence to Parliament is at http://www.parliament.the-stationery.../72/72we22.htm

All times are GMT +1.

Copyright 1999-2014 The Scream!