400,000 Broadband Users Open to Hacking

It has been revealed that more than 400,000 Brits were left vulnerable to hacking
Due to a security flaw in the ZTE built H298N and H298A routers. 

Hyperoptic, the UK’s biggest residential gigabit provider by market share, provided customers with a router made by Chinese manufacturer ZTE. A flaw in the router allowed hackers to take remote control of the user’s home network -- but only after the user clicked on a ‘phishing’ link that effectively keyed the lock. 

Clicking the link would allow a hacker to take control of the user’s home network, weaken firewalls, change passwords and spy. Theoretically, the hacker might also be able to transform the user’s home network into a botnet for spam or to distribute denial-of-service attacks. This is particularly scary, since users are often unaware that their network is being used illegally as part of a botnet. 

Due to the seriousness of the router security flaw, the National Cyber Security Centre has advised telecoms companies against using ZTE equipment. 

Hyperoptic has since ‘patched’ the issue. They were made aware of the flaw in November last year by consumer watchdog Which. Despite their issues with ZTE routers, however, they have taken a defiant stance and will continue to use them. 

In a statement, Hyperoptic's chief customer officer Steve Holford said, "Hyperoptic considers the security of customer data and connections to be our highest priority and we thank Which? for highlighting this particular issue. As soon as we were made aware of the concern, we immediately changed the passwords to safeguard these devices, and we have been working together with our supplier to implement new security controls.”

Elsewhere, over the pond in 2012, ZTE was cited as an OEM capable of “undermining US national security” by the House Intelligence Committee. ZTE hit back at the claims, issuing a statement that “ZTE equipment is safe”. 

At Avalon, we test the routers we supply, and we research hardware products to ensure that our customers should not vulnerable to security flaws. And since you’re here - no, we don’t use routers manufactured by ZTE. However remember there is no such thing as 100% security.

Posted on April 30th 2018

Loading... Updating page...