Firmware updates pushed out to up to 400,000 subscribers
A security vulnerability has been found in Brit broadband biz Hyperoptic's home routers that exposes tens of thousands of its subscribers to hackers.
The gigabit provider's routers are made by ZTE, the Chinese electronics giant that American and
British spy agencies have sounded an alarm over. The
United States has also imposed a ban on American companies selling components to ZTE and other Chinese network gear makers.
In November, infosec outfit Context IS alerted
consumer-rights charity Which? to critical vulnerabilities found in the Hyperoptic broadband home router H298N. These bugs can be exploited to gain control of the device, change its firewall and security settings, change the administrative password, and generally cause havoc.
All a victim has to do is click on a link, for example in an email or message, while on the same local network as the router, to trigger exploitation: the URL takes the victim to a webpage that abuses a hardcoded root password in the router.