Dumping the admin password of the BT Home Hub (pt 2)

This is just a quick update regarding our previous post which details how to extract the default admin password for the latest firmware of the BT Home Hub (6.2.6.E at time of writing). I recommend you to read the previous post if you have not done so yet.

The BT Home Hub’s serial number – which is the default admin password – can also be found on UPnP description XML files. [...]

more | comments | comments rss | posted by

Default key algorithm in Thomson and BT Home Hub routers

Yes, we’re back with more embedded devices vulnerability research! And yes, we’re also back with more security attacks against the BT Home Hub (most popular DSL router in the UK)!

As you know, we encourage folks in the community to team up with us in different projects as we’ve had very successful experiences doing so. This time it was Kevin Devine’s turn. [...]

more | comments | comments rss | posted by

Call Jacking: Phreaking the BT Home Hub

OK, this is a bit of a funny attack – although it could also be used for criminal purposes! After playing with the BT Home Hub for a while (again!), pdp and I discovered that attackers can steal/hijack VoIP calls. Let me explain …

In summary, if the victim visits our evil proof-of-concept webpage, his/her browser sends a HTTP request to the BT Home Hub’s web interface. [...]

more | comments | comments rss | posted by