This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/news/technology-38208958
The article has changed 6 times. There is an RSS feed of changes available.
| Version 0 | Version 1 |
|---|---|
| TalkTalk wi-fi router passwords stolen | TalkTalk wi-fi router passwords stolen |
| (35 minutes later) | |
| TalkTalk broadband customers' wi-fi passwords have been stolen following a malware attack that blocked their internet access last week. | TalkTalk broadband customers' wi-fi passwords have been stolen following a malware attack that blocked their internet access last week. |
| The researcher who discovered the issue said other details had also been taken that would let attackers pinpoint where the equipment was being used, making more targeted hacks possible. | The researcher who discovered the issue said other details had also been taken that would let attackers pinpoint where the equipment was being used, making more targeted hacks possible. |
| Pen Test Partners' Ken Munro is urging TalkTalk to replace lots of routers. | Pen Test Partners' Ken Munro is urging TalkTalk to replace lots of routers. |
| But a TalkTalk spokeswoman indicated that a recall would be unnecessary. | But a TalkTalk spokeswoman indicated that a recall would be unnecessary. |
| "As is widely known, the Mirai worm is affecting many ISPs [internet service providers] around the world and it has affected a small number of TalkTalk customers," she said. | "As is widely known, the Mirai worm is affecting many ISPs [internet service providers] around the world and it has affected a small number of TalkTalk customers," she said. |
| "We continue to take steps to review any potential impacts and have deployed a variety of solutions to ensure customers' routers remain safe. | "We continue to take steps to review any potential impacts and have deployed a variety of solutions to ensure customers' routers remain safe. |
| "We have also employed additional network-level controls to further protect our customers." | "We have also employed additional network-level controls to further protect our customers." |
| The BBC revealed last week that TalkTalk's D-Link DSL-3780 routers had been struck by malware causing connectivity issues for those customers using the model. | The BBC revealed last week that TalkTalk's D-Link DSL-3780 routers had been struck by malware causing connectivity issues for those customers using the model. |
| The firm subsequently published advice online telling affected users to reset the equipment - which forced it to install an update to protect itself against the attack - and then "use the wireless network name and password on the back of the router" to get back online. | The firm subsequently published advice online telling affected users to reset the equipment - which forced it to install an update to protect itself against the attack - and then "use the wireless network name and password on the back of the router" to get back online. |
| Security researcher Mr Munro obtained one of the affected routers to study the attack. | Security researcher Mr Munro obtained one of the affected routers to study the attack. |
| His "honeypot" router was hit by the variant of Mirai, which is now being referred to TR-06FAIL. | His "honeypot" router was hit by the variant of Mirai, which is now being referred to TR-06FAIL. |
| But in addition to the connectivity issue, Mr Munro detected that a follow-up attack involving the same malware caused the device to disclose its wi-fi password and Service Set Identifier (SSID) code. | But in addition to the connectivity issue, Mr Munro detected that a follow-up attack involving the same malware caused the device to disclose its wi-fi password and Service Set Identifier (SSID) code. |
| An SSID code can be used to reveal where a machine is located via online tools such as Wigle. | |
| As a consequence, even after subscribers had restarted their routers they could remain at risk if they continued using the same password as before. | As a consequence, even after subscribers had restarted their routers they could remain at risk if they continued using the same password as before. |
| "Most consumers never change the wi-fi keys written on the back of their router, so the fix didn't actually fix the problem," Mr Munro explained. | "Most consumers never change the wi-fi keys written on the back of their router, so the fix didn't actually fix the problem," Mr Munro explained. |
| "Once an attacker has got the wi-fi key, if they go near to the house they can get nearly everything from their home network. | "Once an attacker has got the wi-fi key, if they go near to the house they can get nearly everything from their home network. |
| "TalkTalk should seriously consider replacing customer routers immediately unless it can prove they haven't been compromised." | "TalkTalk should seriously consider replacing customer routers immediately unless it can prove they haven't been compromised." |
| Encrypted communications - such as online banking records - would not be at risk. But emails might be and it would be possible to place malware on computers linked to an exposed network. | Encrypted communications - such as online banking records - would not be at risk. But emails might be and it would be possible to place malware on computers linked to an exposed network. |
| Mr Munro estimated that the recall would involve at least 55,000 routers. | Mr Munro estimated that the recall would involve at least 55,000 routers. |
| TalkTalk's spokeswoman said it "firmly" disputed that number, saying the number of routers infected had been "nothing in that order of magnitude". | |
| Password change | Password change |
| An independent researcher who checked the findings said Mr Munro had reason to be concerned, but added it was not clear who had scooped up the passwords. | An independent researcher who checked the findings said Mr Munro had reason to be concerned, but added it was not clear who had scooped up the passwords. |
| "It's possible they are just security researchers, but also reasonably possible that they are actually criminals that intend to exploit this information," said Dr Steven Murdoch from University College London. | "It's possible they are just security researchers, but also reasonably possible that they are actually criminals that intend to exploit this information," said Dr Steven Murdoch from University College London. |
| "Even if it's the latter, they would have to sit outside your house to do it." | "Even if it's the latter, they would have to sit outside your house to do it." |
| Dr Murdoch said the risk was still high enough that TalkTalk needed to address it, but said there were alternatives to recalling the routers. | Dr Murdoch said the risk was still high enough that TalkTalk needed to address it, but said there were alternatives to recalling the routers. |
| "The hardware is fine, what needs to be replaced is the wi-fi password. | "The hardware is fine, what needs to be replaced is the wi-fi password. |
| "The problem is how to send a new password to all the affected customers. | "The problem is how to send a new password to all the affected customers. |
| "If TalkTalk does this online or over the phone, that leaves the customers open to phishing attacks, where a scammer says: 'As you heard on the news you need to change your password, please do these things...'" | "If TalkTalk does this online or over the phone, that leaves the customers open to phishing attacks, where a scammer says: 'As you heard on the news you need to change your password, please do these things...'" |
| TalkTalk's spokeswoman said some customers who had called in had been advised to change their wi-fi passwords, but the firm's security team now believed the step was unnecessary despite Mr Munro's warnings. |