Huge security alert over BT broadband

Hundreds of thousands of BT broadband customers are at risk of massive breaches of their computer security because of a flaw in the Home Hub wireless network systems installed by the telecoms giant.

Eve a 'teenage script kiddie' could breach system

BT has 4.4m broadband customers and it is believed most of those supplied with wi-fi boxes are vulnerable to hacking. Only the latest versions of the BT system are safe from attack.

And though BT has been aware of the problem for months, it has not written to customers to warn them of the risk and the simple fix.

Computer experts last week demonstrated to Financial Mail how easy it was for a hacker to use a free computer program to join a household network without being told the password. It took five minutes for the program to probe the wi-fi hub and gain access.

From there, more skilled computer criminals could access and seize vital personal data from individual computers.

BT said: 'We are aware of this problem, though we don't believe that any customers have been affected. It's important to realise that, though it has been possible to demonstrate a scenario where the hub may be vulnerable, we don't believe it is something that should affect the majority of BT customers.'

Experts from IT security consultancy NCC Group, one of only three UK firms to have a top level accreditation to work with the GCHQ communications centre, said that computer experts had been discussing the weakness for months.

Paul Vlissidis, NCC's technical director and principal consultant Lloyd Brough, said even a 'teenage script kiddie' - the internet equivalent of a phone box vandal - could penetrate Home Hubs. Doing so without permission from the owner of a network would be strictly illegal and people have already been jailed for breaking into wi-fi networks.

Vlissidis, who legitimately hacks into computer systems as a 'penetration tester', said: 'In the jargon of the hackers, this is a simple exploit.

'Once in, a skilled hacker has the opportunity to take total control over systems, including planting software to steal passwords to bank accounts or capturing credit card details.'

Brough added: 'I am sure there are people driving round the suburbs with laptops trying to do this today.'

The problem with BT's system is a fault with the password supplied to 'secure' the wi-fi network. Hackers have only to try a few permutations, rather than the desirable billions, to gain access.

BT said that even if hackers gained access to wi-fi, it was a 'theoretical' attack. The company strenuously denied bank details could ever be at risk as a result of such an attack. 'There are far more important risks on the internet,' a spokesman said.

Vlissidis and Brough said this attack could be done on a laptop computer or even a smart phone well away from the targeted system. 'This is not theoretical, it is entirely practicable,' said Vlissidis.

• BT customers with queries on how better to protect their computer network can visit bt.com/help/hub.