James Galvin posted a couple of weeks ago about a recently published exploit which made hacking Eircom’s wireless routers trivial.
As Eircom are the largest provider of residential broadband in Ireland, this is potentially a big deal. As Joe Drumgoole commented at the time:
they have inadvertently created Ireland’s largest free WIFI network. Good man Eircom!
However, BT is now facing an even more serious issue on its wireless routers according to an article in the Register today. At least in Eircom’s case, the vulnerability only exposed the WEP key, allowing use of the wifi on the router.
In the case of the BT router, the Reg is reporting that
a remote attacker can quietly gain full administrator control over a device simply by social engineering a user into visiting a website. The exploit makes it possible to steal a user’s WPA key, listen in on VoIP calls, steal VoIP credentials or change DNS settings so users are silently redirected to fraudulent websites
This is a far more serious issue than the Eircom one, and the number of routers affected is likely to be orders of magnitude greater.
The one saving grace is that the hack hasn’t been published in the wild, as was the case with Eircom. Yet.