A report in ‘The Register’ claims that BT’s broadband service, provided through its Home Hub scheme, could be vulnerable to hacking when customers make a call routed over the internet.
This could allow an attacker to make calls on the user’s machine, using a false number, according to the report. The hacker could then gain personal details by pretending to be a bank official - an attack known as phishing.
The vulnerability was identified by ethical hacking website GNUCitizen.
Following the report, BT disabled the Remote Assistance feature, which patched the original vulnerability.
Later, BT issued a statement to The Register stating: “There’s no risk whatsoever of any ‘VoIP hijacking’ in relation to the Home Hub - we closed this theoretical exploit about three firmware upgrades ago and the purported exploit doesn’t work on the latest version.”
BT commenced its latest firmware update on 12 December 2007 and the BT Home Hub is updated automatically. The update can take a few weeks to reach all BT Home Hubs.