Comments on: Call Jacking: Phreaking the BT Home Hub

By: Holes in Embedded Devices: Authentication bypass (pt 2) | GNUCITIZEN

Holes in Embedded Devices: Authentication bypass (pt 2) | GNUCITIZEN — Fri, 15 Feb 2008 17:18:50 +0000

[...] http://www.gnucitizen.org/blog/call-jacking [...]

By: Call Jacking | VoipBloggen

Call Jacking | VoipBloggen — Fri, 15 Feb 2008 06:03:18 +0000

[...] Gnucitizen er jeg faldet over dette spændende indlæg om Call Jacking, hvilket svarer til Hi Jacking, altså en erobring af folks [...]

By: Total surveillance made easy with VoIP phones » Inking’s Security Blog

Tue, 12 Feb 2008 05:29:38 +0000

[...] the article about call jacking with the BT Home Hub? Here is something comparable but pretty new. Since Ronald and pdp had [...]

By: Total surveillance made easy with VoIP phones | GNUCITIZEN

Total surveillance made easy with VoIP phones | GNUCITIZEN — Mon, 11 Feb 2008 22:03:49 +0000

[...] the article about call jacking with the BT Home Hub? Here is something comparable but pretty new. Since Ronald and pdp had [...]

By: Voice over IP Calljacking « security matters

Voice over IP Calljacking « security matters — Mon, 11 Feb 2008 11:41:30 +0000

[...] nicht bietet gnucitizen ein Beispiel wie der VOIP-Router von British Telecom (BT) dazu genutzt werden kann, ungewollte [...]

By: Adrian Pastor

Adrian Pastor — Fri, 25 Jan 2008 12:34:44 +0000

It looks like other home hub users who are also running firmware 6.2.6.B have confirmed our VoIP call jacking hack: http://www.digitalspy.co.uk/fo.....ht=6.2.6.B

By: Adrian Pastor

Adrian Pastor — Fri, 25 Jan 2008 01:20:26 +0000

@David - I guess there is something contagious about my laugh? hehehe

@hackathology - you’re welcome dude!

@Avee - actually it’d be quite simple to setup a tool that allows you to dial phone numbers from your laptop with a simple HTML.

By: Avee

Avee — Wed, 23 Jan 2008 10:54:26 +0000

This is pretty useful for autodialing stuff from my laptop. Thanks!

By: hackathology

hackathology — Wed, 23 Jan 2008 03:26:21 +0000

thanks Adrian.

By: David Kierznowski

David Kierznowski — Tue, 22 Jan 2008 20:10:26 +0000

Adrian’s laugh is always comical :)

By: » Voip flaw in BT router or just an unpatched vulnerability? | IT News Digest | TechRepublic.com

Tue, 22 Jan 2008 17:31:15 +0000

[...] video of the voip exploit is available on YouTube and also details on the flaw as mentioned on the blog of the GNUCitizen Blog are: In summary, if the victim visits our evil proof-of-concept webpage, his/her browser sends a [...]

By: goundoulf

goundoulf — Tue, 22 Jan 2008 14:03:09 +0000

The only way to prevent this with ISP gateways is…

projects like http://www.neufbox4.org which aims at creating an alternative and entirely open firmware for the gateway

ISPs usually break the GPL by using free software and not redistributing, and their gateways rely on security by obscurity.

The customer is then dependent on the firmware upgrade from the ISP following the discovery of a vulnerability, and some times it can take ages before it is corrected.

When the community is in charge of an alternative firmware, vulnerabilities are spotted earlier and corrected faster.

By: Adrian Pastor

Adrian Pastor — Tue, 22 Jan 2008 13:35:23 +0000

@hackathology - 00390669893461 is an international phone number located in the country whose code is 39 (vatican city in this case): http://www.countrycallingcodes.....ng-code=39

@Tim - they prob. fixed it. We tested it on 6.2.6.B, which was the most udpated firmware we could get at time of testing without being part of FON. I believe that signing up for FON makes your Home Hub upgrade to a newer firmware? Correct me if I’m wrong.

as pdp pointed out, firmware version 6.2.6.E can take several weeks to upgrade and it appears that many users are having problems receiving the new firmware.

By: pdp

pdp — Tue, 22 Jan 2008 12:42:26 +0000

The rollout of the BT Home Hub firmware version 6.2.6.E started on 12 December 2007. It can take several weeks before all BT Home Hubs are upgraded to a new version of the firmware, so please be patient. BT Support & Advice

By: Ben Tasker

Ben Tasker — Tue, 22 Jan 2008 12:33:23 +0000

Either BT have now fixed it, or not all BT Home Hubs are vulnerable. Mine simply asks for the username and password, and then asks again when I hit cancel.

The phone never rings afterwards, I do have BT BroadBand Talk and a BT Home Hub running Version 6.2.6.E

By: Tim

Tim — Tue, 22 Jan 2008 12:16:42 +0000

BT have claimed this attack doesn’t work with the firmware they have rolled out at the moment.

By: phil_mcracken

phil_mcracken — Tue, 22 Jan 2008 09:34:06 +0000

If I blackholed the DNS for api.home on my local machine (and others on the network) in the HOSTS file, surely that would render this attack useless?

By: hackathology

hackathology — Tue, 22 Jan 2008 09:26:58 +0000

interesting post. But is 00390669893461 the voip phone number or the LAN line? How did you derive into that number?

By: CBM Security Blog » Blog Archive » More problems for BT Home Hub - This time VOIP

Tue, 22 Jan 2008 08:14:07 +0000

[...] More on this is here http://www.gnucitizen.org/blog/call-jacking [...]

By: Online fraud - please help/advise!!! - Page 4 - The Liverpool Way

Online fraud - please help/advise!!! - Page 4 - The Liverpool Way — Mon, 21 Jan 2008 17:02:29 +0000

[...] Online fraud - please help/advise!!! This is getting worse… Call Jacking: Phreaking the BT Home Hub | GNUCITIZEN [...]